Windows Analysis Report
f3aef511705f37f9792c6032b936ca61.exe

Overview

General Information

Sample name: f3aef511705f37f9792c6032b936ca61.exe
Analysis ID: 1569764
MD5: e4631d6e2fee44de27d84aff1ce7c7a5
SHA1: d16bc9a9e7249e8f5b519cabbaafa0f1462bccdd
SHA256: 008478ff6c70392e5ecf933881df2c44f31fdf76ad88c407191233cb39de6528
Tags: exe, njrat, RAT, user-abuse_ch

Detection

Njrat
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops fake system file at system root drive
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Creates autorun.inf (USB autostart)
Creates autostart registry keys with suspicious names
Drops PE files to the startup folder
Drops PE files with benign system names
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Protects its processes via BreakOnTermination flag
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: New RUN Key Pointing to Suspicious Folder
Sigma detected: System File Execution Location Anomaly
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses netsh to modify the Windows network and firewall settings
Uses taskkill to terminate AV processes
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
File is packed with WinRar
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

  • System is w10x64
  • f3aef511705f37f9792c6032b936ca61.exe (PID: 5840 cmdline: "C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe" MD5: E4631D6E2FEE44DE27D84AFF1CE7C7A5)
    • NjRAT.exe (PID: 3356 cmdline: "C:\Users\user\Desktop\NjRAT.exe" MD5: 5C02E4B0AD99D924AA9EED7D706BFE12)
      • svchost.exe (PID: 1536 cmdline: "C:\Users\user\AppData\Local\Temp\svchost.exe" MD5: 5C02E4B0AD99D924AA9EED7D706BFE12)
        • netsh.exe (PID: 5908 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
          • conhost.exe (PID: 6412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • taskkill.exe (PID: 6004 cmdline: taskkill /F /IM ProcessHacker.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
          • conhost.exe (PID: 1124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • rundll32.exe (PID: 768 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • svchost.exe (PID: 6416 cmdline: "C:\Users\user\AppData\Local\Temp\svchost.exe" .. MD5: 5C02E4B0AD99D924AA9EED7D706BFE12)
  • svchost.exe (PID: 7136 cmdline: "C:\Users\user\AppData\Local\Temp\svchost.exe" .. MD5: 5C02E4B0AD99D924AA9EED7D706BFE12)
  • svchost.exe (PID: 2292 cmdline: "C:\Users\user\AppData\Local\Temp\svchost.exe" .. MD5: 5C02E4B0AD99D924AA9EED7D706BFE12)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
NjRAT | RedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives." It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat
{"Host": "2.tcp.eu.ngrok.io", "Port": "16299", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "svchost.exe", "Install Dir": "TEMP"}
Source | Rule | Description | Author | Strings
C:\svchost.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
C:\Users\user\AppData\Local\Temp\svchost.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
C:\Users\user\AppData\Local\Temp\svchost.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7ee2:$a3: Download ERROR
  • 0x81d4:$a5: netsh firewall delete allowedprogram "
C:\svchost.exe | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7ee2:$a3: Download ERROR
  • 0x81d4:$a5: netsh firewall delete allowedprogram "
C:\Users\user\Desktop\NjRAT.exe | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
Source | Rule | Description | Author | Strings
00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x62c1:$a1: get_Registry
  • 0x7ce2:$a3: Download ERROR
  • 0x7fd4:$a5: netsh firewall delete allowedprogram "
00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x7eca:$a1: netsh firewall add allowedprogram
  • 0x80c4:$b1: [TAP]
  • 0x806a:$b2: & exit
  • 0x8036:$c1: md.exe /k ping 0 & del
00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
Source | Rule | Description | Author | Strings
2.0.NjRAT.exe.10000.0.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security
2.0.NjRAT.exe.10000.0.unpack | Windows_Trojan_Njrat_30f3c220 | unknown | unknown
  • 0x64c1:$a1: get_Registry
  • 0x7ee2:$a3: Download ERROR
  • 0x81d4:$a5: netsh firewall delete allowedprogram "
2.0.NjRAT.exe.10000.0.unpack | njrat1 | Identify njRat | Brian Wallace @botnet_hunter
  • 0x80ca:$a1: netsh firewall add allowedprogram
  • 0x82c4:$b1: [TAP]
  • 0x826a:$b2: & exit
  • 0x8236:$c1: md.exe /k ping 0 & del
2.0.NjRAT.exe.10000.0.unpack | MALWARE_Win_NjRAT | Detects NjRAT / Bladabindi | ditekSHen
  • 0x81d4:$s1: netsh firewall delete allowedprogram
  • 0x80ca:$s2: netsh firewall add allowedprogram
  • 0x8234:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
  • 0x7ebe:$s4: Execute ERROR
  • 0x7f1e:$s4: Execute ERROR
  • 0x7ee2:$s5: Download ERROR
  • 0x827a:$s6: [kl]
0.3.f3aef511705f37f9792c6032b936ca61.exe.6c6ca20.0.raw.unpack | JoeSecurity_Njrat | Yara detected Njrat | Joe Security

                System Summary

Source: File created; Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems); Data: EventID: 11, Image: C:\Users\user\Desktop\NjRAT.exe, ProcessId: 3356, TargetFilename: C:\Users\user\AppData\Local\Temp\svchost.exe
Source: Registry Key set; Author: Florian Roth (Nextron Systems), Markus Neis, Sander Wiebing; Data: Details: "C:\Users\user\AppData\Local\Temp\svchost.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\svchost.exe, ProcessId: 1536, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6d90d9a2ca0b357d5f629d5cdbe8d0d2
Source: Process started; Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali; Data: Command: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\svchost.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\svchost.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\NjRAT.exe" , ParentImage: C:\Users\user\Desktop\NjRAT.exe, ParentProcessId: 3356, ParentProcessName: NjRAT.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , ProcessId: 1536, ProcessName: svchost.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: "C:\Users\user\AppData\Local\Temp\svchost.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\svchost.exe, ProcessId: 1536, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6d90d9a2ca0b357d5f629d5cdbe8d0d2
Source: File created; Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research); Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\svchost.exe, ProcessId: 1536, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe
Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\svchost.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\svchost.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\NjRAT.exe" , ParentImage: C:\Users\user\Desktop\NjRAT.exe, ParentProcessId: 3356, ParentProcessName: NjRAT.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , ProcessId: 1536, ProcessName: svchost.exe
Source: Registry Key set; Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split); Data: Details: "C:\Users\user\AppData\Local\Temp\svchost.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Local\Temp\svchost.exe, ProcessId: 1536, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\6d90d9a2ca0b357d5f629d5cdbe8d0d2
Source: Process started; Author: vburov; Data: Command: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\svchost.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\svchost.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\NjRAT.exe" , ParentImage: C:\Users\user\Desktop\NjRAT.exe, ParentProcessId: 3356, ParentProcessName: NjRAT.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\svchost.exe" , ProcessId: 1536, ProcessName: svchost.exe

                HIPS / PFW / Operating System Protection Evasion

Source: File created; Author: Joe Security; Data: EventID: 11, Image: C:\Users\user\AppData\Local\Temp\svchost.exe, ProcessId: 1536, TargetFilename: C:\svchost.exe

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T09:47:38.168327+0100 | 2021176 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49711 | 3.126.37.18 | 16299 | TCP
2024-12-06T09:48:43.073098+0100 | 2021176 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49865 | 3.127.138.57 | 16299 | TCP
2024-12-06T09:49:48.097368+0100 | 2021176 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49977 | 18.157.68.73 | 16299 | TCP
2024-12-06T09:50:53.075800+0100 | 2021176 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49978 | 3.127.138.57 | 16299 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T09:47:38.168327+0100 | 2033132 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49711 | 3.126.37.18 | 16299 | TCP
2024-12-06T09:48:43.073098+0100 | 2033132 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49865 | 3.127.138.57 | 16299 | TCP
2024-12-06T09:49:48.097368+0100 | 2033132 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49977 | 18.157.68.73 | 16299 | TCP
2024-12-06T09:50:53.075800+0100 | 2033132 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49978 | 3.127.138.57 | 16299 | TCP
                2024-12-06T09:49:39.415502+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:39.780965+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:39.900905+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:40.361752+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:40.601527+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:40.961161+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:41.084113+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:41.325598+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:41.928897+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:42.049613+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:42.529479+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:42.657647+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:43.138522+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:43.378377+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:43.860951+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:43.987986+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:44.593054+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:44.713206+010028255641Malware Command and Control Activity Detected192.168.2.5498653.127.138.5716299TCP
                2024-12-06T09:49:48.576892+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:48.696847+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:48.816718+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:48.936521+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:49.194904+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:49.436887+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:50.048816+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:50.168727+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:50.656350+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:50.776325+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:51.349337+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:52.010672+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:53.097597+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:53.457603+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:54.114634+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:54.356134+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:54.476624+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:54.836527+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:55.076751+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:55.196635+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:55.797606+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:56.371079+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:56.816202+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:56.936509+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:57.177202+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:57.782297+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:58.899118+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:59.019072+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:59.617775+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:59.737810+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:59.858159+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:49:59.978032+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:00.098085+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:00.218005+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:00.459767+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:01.061616+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:01.541396+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:02.354167+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:02.954940+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:03.074842+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:03.677545+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:04.157499+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:04.397676+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:04.519831+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:04.640990+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:05.145619+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:05.385334+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:05.505189+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:05.625010+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:06.104256+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:06.224144+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:06.825619+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:06.945624+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:07.185359+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:07.305345+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:07.429615+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:07.838686+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:07.958504+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:08.214418+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:09.541614+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.141613+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.261418+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.381409+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.501320+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.674536+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:10.914333+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:11.034177+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:11.650150+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:12.252092+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:12.856472+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:12.976297+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:13.456344+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:13.576310+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:14.056250+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:14.693011+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:15.295817+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:16.016137+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:17.097457+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:17.697987+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:17.817907+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:18.321457+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:18.442473+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:18.877004+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:18.997040+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:19.117067+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:19.721583+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:19.841445+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:20.323903+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:20.443890+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:20.564432+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:20.804531+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:20.924385+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:21.612182+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:21.732377+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:22.022579+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:22.262318+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:22.625647+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:22.745459+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:22.986112+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:23.619822+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:23.739765+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:24.063428+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:24.187990+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:24.442802+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:24.563506+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:24.923351+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:25.043393+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:25.644780+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:26.245612+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:26.485587+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:26.605687+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:27.191374+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:27.552005+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:28.159727+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:28.520012+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:28.759701+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:29.119208+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:29.496924+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:30.099740+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:30.702425+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:31.304339+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:31.424307+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:31.928159+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:32.048325+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:32.168211+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:32.288059+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:32.449720+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:32.851564+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:33.578154+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:34.058977+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:34.178749+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:34.691716+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:35.366596+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:36.003318+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:36.603623+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:37.395158+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:37.880137+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:38.362331+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:39.461820+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:39.701741+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:40.301261+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:40.901365+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:41.604469+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:41.844335+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:41.968793+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:42.338253+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:42.578008+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:42.818281+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:43.085706+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:43.205492+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:43.325479+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:44.047591+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:44.648520+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:44.769700+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:45.249538+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:45.369617+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:45.730872+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:46.327804+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:46.447634+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:47.046897+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:47.286786+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:47.773746+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:47.893671+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:48.497895+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:48.617783+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:49.197316+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:50.156817+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:50.397793+010028255641Malware Command and Control Activity Detected192.168.2.54997718.157.68.7316299TCP
                2024-12-06T09:50:53.315400+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:53.435904+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:53.556987+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:53.726570+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:54.089766+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:54.704801+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:55.188691+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:55.428336+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:55.791830+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:55.911771+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:56.525263+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:56.765375+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:57.247260+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:57.367150+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:57.749013+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:58.473908+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:58.713895+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP
                2024-12-06T09:50:59.120884+010028255641Malware Command and Control Activity Detected192.168.2.5499783.127.138.5716299TCP

                AV Detection

                Source: C:\Users\user\Desktop\NjRAT.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | Avira: detection malicious, Label: HEUR/AGEN.1322924
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | Avira: detection malicious, Label: HEUR/AGEN.1301128
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | Avira: detection malicious, Label: TR/Agent.ymlbm
                Source: C:\svchost.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | Avira: detection malicious, Label: TR/Dropper.MSIL.Gen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | Avira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | Avira: detection malicious, Label: HEUR/AGEN.1300360
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | Avira: detection malicious, Label: HEUR/AGEN.1305556
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | Avira: detection malicious, Label: TR/AD.Bladabindi.qdbcy
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | Avira: detection malicious, Label: HEUR/AGEN.1300086
                Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | Malware Configuration Extractor: Njrat {"Host": "2.tcp.eu.ngrok.io", "Port": "16299", "Version": "im523", "Campaign ID": "HacKed", "Install Name": "svchost.exe", "Install Dir": "TEMP"}
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | ReversingLabs: Detection: 100%
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | ReversingLabs: Detection: 100%
                Source: C:\Users\user\Desktop\NjRAT.exe | ReversingLabs: Detection: 100%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | ReversingLabs: Detection: 86%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | ReversingLabs: Detection: 91%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | ReversingLabs: Detection: 76%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | ReversingLabs: Detection: 87%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | ReversingLabs: Detection: 91%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | ReversingLabs: Detection: 84%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | ReversingLabs: Detection: 91%
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | ReversingLabs: Detection: 73%
                Source: C:\svchost.exe | ReversingLabs: Detection: 100%
                Source: f3aef511705f37f9792c6032b936ca61.exe | ReversingLabs: Detection: 68%
                Source: f3aef511705f37f9792c6032b936ca61.exe | Virustotal: Detection: 80%
                Source: Yara match | File source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c6ca20.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c5ce20.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                Source: Yara match | File source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: Process Memory Space: f3aef511705f37f9792c6032b936ca61.exe PID: 5840, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: NjRAT.exe PID: 3356, type: MEMORYSTR
                Source: Yara match | File source: Process Memory Space: svchost.exe PID: 1536, type: MEMORYSTR
                Source: Yara match | File source: C:\svchost.exe, type: DROPPED
                Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPED
                Source: Yara match | File source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPED
                Source: Yara match | File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPED
                Source: Yara match | File source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Stub.il, type: DROPPED
                Source: Submitted Sample | Integrated Neural Analysis Model: Matched 85.4% probability
                Source: C:\Users\user\Desktop\NjRAT.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | Joe Sandbox ML: detected
                Source: C:\svchost.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | Joe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | Joe Sandbox ML: detected
                Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | Joe Sandbox ML: detected
                Source: f3aef511705f37f9792c6032b936ca61.exe | Joe Sandbox ML: detected
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\NjRAT.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: f3aef511705f37f9792c6032b936ca61.exe
                Source: Binary string: C:\Users\Super\Documents\visual studio 2013\Projects\pw plugin\WindowsApplication12\obj\Release\pw.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr
                Source: Binary string: C:\Users\im523\Desktop\ll\obj\x86\Debug\ch.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, ch.dll.0.dr
                Source: Binary string: C:\Users\im523\Desktop\Sementara\NjRAT 5 fix7\obj\Debug\NjRat 0.7D Green Edition by im523.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr

                Spreading

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | File created: C:\autorun.inf
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: [autorun]
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: IL_02fe: ldstr "autorun.inf"
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: IL_0390: ldstr "[autorun]"
                Source: NjRAT.exe, 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | Binary or memory string: autorun.inf
                Source: NjRAT.exe, 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp | Binary or memory string: [autorun]
                Source: NjRAT.exe, 00000002.00000002.2165635724.00000000025D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                Source: NjRAT.exe, 00000002.00000002.2165635724.00000000025D1000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun]
                Source: svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: autorun.inf
                Source: svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: [autorun]
                Source: autorun.inf.4.dr | Binary or memory string: [autorun]
                Source: NjRAT.exe.0.dr | Binary or memory string: autorun.inf
                Source: NjRAT.exe.0.dr | Binary or memory string: [autorun]
                Source: svchost.exe.2.dr | Binary or memory string: autorun.inf
                Source: svchost.exe.2.dr | Binary or memory string: [autorun]
                Source: svchost.exe.4.dr | Binary or memory string: autorun.inf
                Source: svchost.exe.4.dr | Binary or memory string: [autorun]
                Source: 6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe.4.dr | Binary or memory string: autorun.inf
                Source: 6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe.4.dr | Binary or memory string: [autorun]
                Source: Stub.il.0.dr | Binary or memory string: IL_02fe: ldstr "autorun.inf"
                Source: Stub.il.0.dr | Binary or memory string: IL_0390: ldstr "[autorun]"
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Code function: 0_2_0001A7E7 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0001A7E7
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Code function: 0_2_0002BB70 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0002BB70
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Code function: 0_2_0003ADB8 FindFirstFileExA,0_2_0003ADB8

                Networking

                Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: Network traffic | Suricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: Network traffic | Suricata IDS: 2838486 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi Variant CnC Activity (inf) : 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49865 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49865 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49865 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49865 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49977 -> 18.157.68.73:16299
                Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49977 -> 18.157.68.73:16299
                Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49977 -> 18.157.68.73:16299
                Source: Network traffic | Suricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49978 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49978 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49978 -> 3.127.138.57:16299
                Source: Network traffic | Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49977 -> 18.157.68.73:16299
                Source: Network traffic | Suricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49978 -> 3.127.138.57:16299
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Network Connect: 3.127.138.57 16299
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Network Connect: 3.126.37.18 16299
                Source: global traffic | TCP traffic: 192.168.2.5:49711 -> 3.126.37.18:16299
                Source: global traffic | TCP traffic: 192.168.2.5:49865 -> 3.127.138.57:16299
                Source: global traffic | TCP traffic: 192.168.2.5:49977 -> 18.157.68.73:16299
                Source: Joe Sandbox View | IP Address: 3.126.37.18
                Source: Joe Sandbox View | IP Address: 3.127.138.57
                Source: Joe Sandbox View | IP Address: 18.157.68.73
                Source: Joe Sandbox View | ASN Name: AMAZON-02US
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: ERR%WindowsLive:name=*%http://hotmail.com9Software\ooVoo\Settings\UserUserQhttp://www.oovoo.com/?Encrypted PasswordPass equals www.hotmail.com (Hotmail)
                Source: global traffic | DNS traffic detected: DNS query: 2.tcp.eu.ngrok.io
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: http://DynDns.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: http://Paltalk.com/Software
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: http://Yahoo.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | String found in binary or memory: http://dynupdate.no-ip.com/dns?username=
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: http://hotmail.com9Software
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | String found in binary or memory: http://no-ip.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | String found in binary or memory: http://www.Hacker.com/
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.drString found in binary or memory: http://www.SecurityXploded.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.drString found in binary or memory: http://www.google.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.drString found in binary or memory: http://www.no-ip.com/legal/tos
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.drString found in binary or memory: http://www.noip.com
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.drString found in binary or memory: http://www.noip.com/
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.drString found in binary or memory: http://www.oovoo.com/?Encrypted
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, Stub.il.0.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRAT.exe, 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, NjRAT.exe.0.dr, svchost.exe.2.dr, svchost.exe.4.dr, 6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe.4.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                Source: NjRAT.exe.0.dr, kl.cs.Net Code: VKCodeToUnicode

                E-Banking Fraud

                Source: Yara matchFile source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c6ca20.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c5ce20.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: f3aef511705f37f9792c6032b936ca61.exe PID: 5840, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: NjRAT.exe PID: 3356, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1536, type: MEMORYSTR
                Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Stub.il, type: DROPPED

                Operating System Destruction

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Process information set: 01 00 00 00

                System Summary

                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_02BABEF2 NtSetInformationProcess,4_2_02BABEF2
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_02BABED0 NtSetInformationProcess,4_2_02BABED0
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_059401C2 NtQuerySystemInformation,4_2_059401C2
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_05940187 NtQuerySystemInformation,4_2_05940187
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_000171E6: __EH_prolog,CreateFileW,CloseHandle,CreateDirectoryW,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,0_2_000171E6
                Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe F0C85722B88D1E7A1941BA17551CD5C29AEF99FAD86D78A5631A0F5446B3F580
                Source: Joe Sandbox ViewDropped File: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll 7A4977B024D048B71BCC8F1CC65FB06E4353821323F852DC6740B79B9AB75C98
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: String function: 0002E554 appears 35 times
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: String function: 0002E630 appears 54 times
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: String function: 0002EFB0 appears 31 times
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameNjRat 0.7D Green Edition by im523.exe4 vs f3aef511705f37f9792c6032b936ca61.exe
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamech.dll4 vs f3aef511705f37f9792c6032b936ca61.exe
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesHelper.exe< vs f3aef511705f37f9792c6032b936ca61.exe
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepw.dllL vs f3aef511705f37f9792c6032b936ca61.exe
                Source: f3aef511705f37f9792c6032b936ca61.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\svchost.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\svchost.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: pw.dll.0.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: classification engineClassification label: mal100.spre.troj.adwa.spyw.evad.winEXE@15/20@4/3
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_00016EA8 GetLastError,FormatMessageW,0_2_00016EA8
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_02BABBA2 AdjustTokenPrivileges,4_2_02BABBA2
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeCode function: 4_2_02BABB6B AdjustTokenPrivileges,4_2_02BABB6B
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_0002A07C FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,0_2_0002A07C
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_6414921
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6412:120:WilError_03
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeMutant created: NULL
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1124:120:WilError_03
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\6d90d9a2ca0b357d5f629d5cdbe8d0d2
                Source: C:\Users\user\Desktop\NjRAT.exe File created: C:\Users\user\AppData\Local\Temp\svchost.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCommand line argument: sfxname0_2_0002D891
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCommand line argument: sfxstime0_2_0002D891
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCommand line argument: STARTDLG0_2_0002D891
                Source: f3aef511705f37f9792c6032b936ca61.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ProcessHacker.exe")
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe File read: C:\Windows\win.ini
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                Source: f3aef511705f37f9792c6032b936ca61.exeReversingLabs: Detection: 68%
                Source: f3aef511705f37f9792c6032b936ca61.exeVirustotal: Detection: 80%
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe File read: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                Source: unknownProcess created: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe "C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe"
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeProcess created: C:\Users\user\Desktop\NjRAT.exe "C:\Users\user\Desktop\NjRAT.exe"
                Source: C:\Users\user\Desktop\NjRAT.exeProcess created: C:\Users\user\AppData\Local\Temp\svchost.exe "C:\Users\user\AppData\Local\Temp\svchost.exe"
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE
                Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ProcessHacker.exe
                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\svchost.exe "C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: <pi-ms-win-core-synch-l1-2-0.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: <pi-ms-win-core-fibers-l1-1-1.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: <pi-ms-win-core-localization-l1-2-1.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: dxgidebug.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: sfc_os.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: dwmapi.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: riched20.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: usp10.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: msls31.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: textshaping.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: textinputframework.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: coreuicomponents.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: coremessaging.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: ntmarta.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: explorerframe.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: sxs.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: actxprxy.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: pcacli.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\NjRAT.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: avicap32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: msvfw32.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00BB2765-6A77-11D0-A535-00C04FD7D062}\InProcServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static file information: File size 2388170 > 1048576
                Source: C:\Users\user\Desktop\NjRAT.exe | File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dll
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                Source: Binary string: D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb source: f3aef511705f37f9792c6032b936ca61.exe
                Source: Binary string: C:\Users\Super\Documents\visual studio 2013\Projects\pw plugin\WindowsApplication12\obj\Release\pw.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr
                Source: Binary string: C:\Users\im523\Desktop\ll\obj\x86\Debug\ch.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, ch.dll.0.dr
                Source: Binary string: C:\Users\im523\Desktop\Sementara\NjRAT 5 fix7\obj\Debug\NjRat 0.7D Green Edition by im523.pdb source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

                Data Obfuscation

                Source: NjRAT.exe.0.dr, OK.cs | .Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_6414921
                Source: f3aef511705f37f9792c6032b936ca61.exe | Static PE information: section name: .didat
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Code function: 0_2_0002E554 push eax; ret 0_2_0002E572
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Code function: 0_2_0002EFF6 push ecx; ret 0_2_0002F009
                Source: pw.dll.0.dr | Static PE information: section name: .text entropy: 7.825422229253219

                Persistence and Installation Behavior

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | File created: C:\svchost.exe
                Source: C:\Users\user\Desktop\NjRAT.exe | File created: C:\Users\user\AppData\Local\Temp\svchost.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRAT.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | File created: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll

                Boot Survival

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 6d90d9a2ca0b357d5f629d5cdbe8d0d2
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 6d90d9a2ca0b357d5f629d5cdbe8d0d2
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\Desktop\NjRAT.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\netsh.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: NjRAT.exe, 00000002.00000002.2165635724.00000000025D1000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000A.00000002.2366176293.0000000003741000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.2447632395.0000000003341000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000000C.00000002.2529674822.00000000036B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: PROCESSHACKER.EXE
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C.EXECQUERY(SELECT __PATH, PROCESSID, CSNAME, CAPTION, SESSIONID, THREADCOUNT, WORKINGSETSIZE, KERNELMODETIME, USERMODETIME, PARENTPROCESSID FROM WIN32_PROCESS WHERE ( CAPTION = "PROCESSHACKER.EXE"));
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ATASKKILL/F/IMPROCESSHACKER.EXE7B:
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, PROCESSID, CSNAME, CAPTION, SESSIONID, THREADCOUNT, WORKINGSETSIZE, KERNELMODETIME, USERMODETIME, PARENTPROCESSID FROM WIN32_PROCESS WHERE ( CAPTION = "PROCESSHACKER.EXE")
                Source: taskkill.exe, 00000007.00000002.2228451851.0000000002860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ERROR: THE PROCESS "PROCESSHACKER.EXE" NOT FOUND.
                Source: taskkill.exe, 00000007.00000002.2228274719.0000000000400000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: TASKKILL /F /IM PROCESSHACKER.EXEC
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: PDLECT __PATH, PROCESSID, CSNAME, CAPTION, SESSIONID, THREADCOUNT, WORKINGSETSIZE, KERNELMODETIME, USERMODETIME, PARENTPROCESSID FROM WIN32_PROCESS WHERE ( CAPTION = "PROCESSHACKER.EXE")2
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: ATASKKILL/F/IMPROCESSHACKER.EXE
                Source: taskkill.exe, 00000007.00000002.2228451851.0000000002860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SELECT __PATH, PROCESSID, CSNAME, CAPTION, SESSIONID, THREADCOUNT, WORKINGSETSIZE, KERNELMODETIME, USERMODETIME, PARENTPROCESSID FROM WIN32_PROCESS WHERE ( CAPTION = "PROCESSHACKER.EXE")COMMONROG
                Source: taskkill.exe, 00000007.00000002.2228174353.0000000000170000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: C:\USERS\user\DESKTOP\C:\WINDOWS\SYSWOW64\TASKKILL.EXETASKKILL /F /IM PROCESSHACKER.EXEC:\USERS\user\APPDATA\LOCAL\TEMP\SVCHOST.EXEWINSTA0\DEFAULT0
                Source: taskkill.exe, 00000007.00000002.2228274719.0000000000400000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: TASKKILL /F /IM PROCESSHACKER.EXE
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRAT.exe, 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, NjRAT.exe.0.dr, svchost.exe.2.dr, svchost.exe.4.dr, 6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe.4.dr Binary or memory string: #PROCESSHACKER.EXE
                Source: taskkill.exe, 00000007.00000002.2228451851.0000000002860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: TASKKILL/F/IMPROCESSHACKER.EXE
                Source: taskkill.exe, 00000007.00000002.2228451851.0000000002860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: G CAPTION = "PROCESSHACKER.EXE"YY]
                Source: taskkill.exe, 00000007.00000002.2228274719.000000000041B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: THREADCOUNT, WORKINGSETSIZE, KERNELMODETIME, USERMODETIME, PARENTPROCESSID FROM WIN32_PROCESS WHERE ( CAPTION = "PROCESSHACKER.EXE")0USER
                Source: taskkill.exe, 00000007.00000002.2228451851.0000000002860000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CAPTION = "PROCESSHACKER.EXE"*
                Source: C:\Users\user\Desktop\NjRAT.exe Memory allocated: 9D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NjRAT.exe Memory allocated: 25D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\NjRAT.exe Memory allocated: 45D0000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 3280000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 5280000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 15E0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 3740000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 5740000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 2DB0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 3340000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 5340000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 36B0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Memory allocated: 56B0000 memory commit | memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Code function: 4_2_02C010AE rdtsc 4_2_02C010AE
                Source: C:\Users\user\Desktop\NjRAT.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Window / User API: threadDelayed 3164
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Window / User API: threadDelayed 1679
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Window / User API: threadDelayed 3491
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Window / User API: foregroundWindowGot 428
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Window / User API: foregroundWindowGot 1273
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Dropped PE file which has not been started: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Evasive API call chain: GetLocalTime,DecisionNodes graph_0-23286
                Source: C:\Users\user\Desktop\NjRAT.exe TID: 6348 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe TID: 6508 Thread sleep time: -1679000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe TID: 6508 Thread sleep time: -3491000s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe TID: 4768 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe TID: 4140 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe TID: 5492 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0001A7E7 FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,0_2_0001A7E7
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0002BB70 SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SetDlgItemTextW,SendDlgItemMessageW,FindFirstFileW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,FindClose,_swprintf,SetDlgItemTextW,SendDlgItemMessageW,FileTimeToLocalFileTime,FileTimeToSystemTime,GetTimeFormatW,GetDateFormatW,_swprintf,SetDlgItemTextW,_swprintf,SetDlgItemTextW,0_2_0002BB70
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0003ADB8 FindFirstFileExA,0_2_0003ADB8
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0002E03A VirtualQuery,GetSystemInfo,0_2_0002E03A
                Source: f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000002.2094832081.00000000027F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}i
                Source: netsh.exe, 00000005.00000002.2231879609.000000000338B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlly
                Source: svchost.exe, 00000004.00000002.4554144205.0000000000C70000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                Source: svchost.exe, 00000004.00000002.4554144205.0000000000C70000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe API call chain: ExitProcess graph end node graph_0-23636
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0002F1B5 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0002F1B5
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0003780E mov eax, dword ptr fs:[00000030h] 0_2_0003780E
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0003BAA0 GetProcessHeap,0_2_0003BAA0
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0002F303 SetUnhandledExceptionFilter,0_2_0002F303
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0002F4CB SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_0002F4CB
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Code function: 0_2_0003898F IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0003898F
                Source: C:\Users\user\Desktop\NjRAT.exe Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Network Connect: 3.127.138.57 16299
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Network Connect: 3.126.37.18 16299
                Source: NjRAT.exe.0.dr, kl.cs Reference to suspicious API methods: MapVirtualKey(a, 0u)
                Source: NjRAT.exe.0.dr, kl.cs Reference to suspicious API methods: GetAsyncKeyState(num2)
                Source: NjRAT.exe.0.dr, OK.cs Reference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
                Source: pw.dll.0.dr, Class1.cs Reference to suspicious API methods: ReadProcessMemory(struct0_.intptr_0, num3 + 8, ref int_, 4, ref int_2)
                Source: pw.dll.0.dr, Class1.cs Reference to suspicious API methods: VirtualAllocEx(struct0_.intptr_0, num2, int_3, 12288, 64)
                Source: pw.dll.0.dr, Class1.cs Reference to suspicious API methods: WriteProcessMemory(struct0_.intptr_0, num4, byte_0, int_4, ref int_2)
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ProcessHacker.exe
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe Process created: C:\Users\user\Desktop\NjRAT.exe "C:\Users\user\Desktop\NjRAT.exe"
                Source: C:\Users\user\Desktop\NjRAT.exe Process created: C:\Users\user\AppData\Local\Temp\svchost.exe "C:\Users\user\AppData\Local\Temp\svchost.exe"
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ProcessHacker.exeJump to behavior
                Source: svchost.exe, 00000004.00000002.4555101041.0000000003581000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003788000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: svchost.exe, 00000004.00000002.4554144205.0000000000C70000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rh Program Manager
                Source: svchost.exe, 00000004.00000002.4555101041.0000000003581000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.
                Source: svchost.exe, 00000004.00000002.4555101041.00000000037AA000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.00000000035A8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program manager
                Source: svchost.exe, 00000004.00000002.4555101041.0000000003581000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003788000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_0002F00B cpuid 0_2_0002F00B
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: GetLocaleInfoW,GetNumberFormatW,0_2_0002A8CC
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_0002D891 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,CloseHandle,GetModuleFileNameW,SetEnvironmentVariableW,GetLocalTime,_swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,0_2_0002D891
                Source: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exeCode function: 0_2_0001AEE5 GetVersionExW,0_2_0001AEE5
                Source: C:\Users\user\AppData\Local\Temp\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Lowering of HIPS / PFW / Operating System Security Settings

                Source: C:\Users\user\AppData\Local\Temp\svchost.exe; Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE
                Source: C:\Users\user\AppData\Local\Temp\svchost.exe; Process created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE

                Stealing of Sensitive Information

                Source: Yara match; File source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c6ca20.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c5ce20.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: f3aef511705f37f9792c6032b936ca61.exe PID: 5840, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: NjRAT.exe PID: 3356, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: svchost.exe PID: 1536, type: MEMORYSTR
                Source: Yara match; File source: C:\svchost.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Stub.il, type: DROPPED

                Remote Access Functionality

                Source: Yara match; File source: 2.0.NjRAT.exe.10000.0.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c6ca20.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c5ce20.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 0.3.f3aef511705f37f9792c6032b936ca61.exe.6c53a20.2.raw.unpack, type: UNPACKEDPE
                Source: Yara match; File source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, type: MEMORY
                Source: Yara match; File source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match; File source: Process Memory Space: f3aef511705f37f9792c6032b936ca61.exe PID: 5840, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: NjRAT.exe PID: 3356, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: svchost.exe PID: 1536, type: MEMORYSTR
                Source: Yara match; File source: C:\svchost.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Local\Temp\svchost.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\Desktop\NjRAT.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, type: DROPPED
                Source: Yara match; File source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Stub.il, type: DROPPED
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | 11 Replication Through Removable Media | 1 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 311 Disable or Modify Tools | 1 Input Capture | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 11 Native API | 221 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Peripheral Device Discovery | Remote Desktop Protocol | 1 Input Capture | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 112 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 221 Registry Run Keys / Startup Folder | 13 Software Packing | NTDS | 36 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 231 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 2 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 31 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 112 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 1 Rundll32 | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
                [Behavior graph (image not reproduced). Behavior Graph ID: 1569764; Sample: f3aef511705f37f9792c6032b93...; Startdate: 06/12/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                f3aef511705f37f9792c6032b936ca61.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Perseus |
                f3aef511705f37f9792c6032b936ca61.exe | 80% | Virustotal | | Browse
                f3aef511705f37f9792c6032b936ca61.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\Desktop\NjRAT.exe | 100% | Avira | TR/ATRAPS.Gen |
                C:\Users\user\AppData\Local\Temp\svchost.exe | 100% | Avira | TR/ATRAPS.Gen |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | 100% | Avira | HEUR/AGEN.1322924 |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | 100% | Avira | HEUR/AGEN.1301128 |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | 100% | Avira | TR/Agent.ymlbm |
                C:\svchost.exe | 100% | Avira | TR/ATRAPS.Gen |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | 100% | Avira | TR/Dropper.MSIL.Gen |
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | 100% | Avira | TR/ATRAPS.Gen |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | 100% | Avira | HEUR/AGEN.1300360 |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | 100% | Avira | HEUR/AGEN.1305556 |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | 100% | Avira | TR/AD.Bladabindi.qdbcy |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | 100% | Avira | HEUR/AGEN.1300086 |
                C:\Users\user\Desktop\NjRAT.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\svchost.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | 100% | Joe Sandbox ML | |
                C:\svchost.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Temp\svchost.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                C:\Users\user\Desktop\NjRAT.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | 87% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | 92% | ReversingLabs | Win32.Trojan.Zeus |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\ch.dll | 77% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\mic.dll | 88% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\plg.dll | 91% | ReversingLabs | Win32.Backdoor.Bladabhindi |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\pw.dll | 84% | ReversingLabs | Win32.Hacktool.Broduplo |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\sc2.dll | 91% | ReversingLabs | ByteCode-MSIL.Backdoor.Bladabhindi |
                C:\Users\user\Desktop\NjRat 0.7D Green Edition\WinMM.Net.dll | 74% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                C:\svchost.exe | 100% | ReversingLabs | ByteCode-MSIL.Backdoor.njRAT |
                No Antivirus matches
                No Antivirus matches
                Source | Detection | Scanner | Label | Link
                http://www.Hacker.com/ | 0% | Avira URL Cloud | safe |
                http://www.oovoo.com/?Encrypted | 0% | Avira URL Cloud | safe |
                http://hotmail.com9Software | 0% | Avira URL Cloud | safe |
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                2.tcp.eu.ngrok.io | 3.126.37.18 | true | true | | unknown
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  http://dynupdate.no-ip.com/dns?username= | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | false | | high
                  https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0 | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRAT.exe, 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, NjRAT.exe.0.dr, svchost.exe.2.dr, svchost.exe.4.dr, 6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe.4.dr | false | | high
                  http://www.Hacker.com/ | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | false | Avira URL Cloud: safe | unknown
                  http://DynDns.com | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | | high
                  http://www.noip.com | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | false | | high
                  https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, Stub.il.0.dr | false | | high
                  http://Paltalk.com/Software | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | | high
                  http://www.google.com | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | false | | high
                  http://www.no-ip.com/legal/tos | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, NjRat 0.7D Green Edition by im523.exe.0.dr | false | | high
                  http://Yahoo.com | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | | high
                  http://hotmail.com9Software | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | Avira URL Cloud: safe | unknown
                  http://www.oovoo.com/?Encrypted | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | Avira URL Cloud: safe | unknown
                  http://no-ip.com | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | | high
                  http://www.noip.com/ | f3aef511705f37f9792c6032b936ca61.exe, 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, pw.dll.0.dr | false | | high
                                        IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                        3.126.37.18 | 2.tcp.eu.ngrok.io | United States | | 16509 | AMAZON-02US | true
                                        3.127.138.57 | unknown | United States | | 16509 | AMAZON-02US | true
                                        18.157.68.73 | unknown | United States | | 16509 | AMAZON-02US | true
                                        Joe Sandbox version:41.0.0 Charoite
                                        Analysis ID:1569764
                                        Start date and time:2024-12-06 09:46:25 +01:00
                                        Joe Sandbox product:CloudBasic
                                        Overall analysis duration:0h 9m 21s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                        Number of analysed new started processes analysed:14
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:0
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample name:f3aef511705f37f9792c6032b936ca61.exe
                                        Detection:MAL
                                        Classification:mal100.spre.troj.adwa.spyw.evad.winEXE@15/20@4/3
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HCA Information:
                                        • Successful, ratio: 99%
                                        • Number of executed functions: 325
                                        • Number of non-executed functions: 86
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe
                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                        • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                        Time | Type | Description
                                        03:48:06 | API Interceptor | 219281x Sleep call for process: svchost.exe modified
                                        09:47:34 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 6d90d9a2ca0b357d5f629d5cdbe8d0d2 "C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                        09:47:42 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 6d90d9a2ca0b357d5f629d5cdbe8d0d2 "C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                        09:47:50 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 6d90d9a2ca0b357d5f629d5cdbe8d0d2 "C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                        09:47:59 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe
                                        Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                        3.126.37.18W9UAjNR4L6.exeGet hashmaliciousNjratBrowse
                                          7zFM.exeGet hashmaliciousZTratBrowse
                                            4xKDL5YCfQ.exeGet hashmaliciousNjratBrowse
                                              b8UsrDOVGV.exeGet hashmaliciousNjratBrowse
                                                tiodtk2cfy.exeGet hashmaliciousNjratBrowse
                                                  pQBmVoyRnw.exeGet hashmaliciousNjratBrowse
                                                    NezbdhNgwG.exeGet hashmaliciousNjratBrowse
                                                      xdPdkPMD8u.exeGet hashmaliciousNjratBrowse
                                                        VBUXm77rfL.exeGet hashmaliciousNjratBrowse
                                                          gEuhLHV0.posh.ps1Get hashmaliciousMetasploitBrowse
                                                            3.127.138.57En3e396wX1.exeGet hashmaliciousNjratBrowse
                                                              ea1Wv7aq.posh.ps1Get hashmaliciousMetasploitBrowse
                                                                R3ov8eFFFP.exeGet hashmaliciousNjratBrowse
                                                                  b8UsrDOVGV.exeGet hashmaliciousNjratBrowse
                                                                    2G8CgDVl3K.exeGet hashmaliciousNjratBrowse
                                                                      tiodtk2cfy.exeGet hashmaliciousNjratBrowse
                                                                        QUuUm3J8x3.exeGet hashmaliciousNjratBrowse
                                                                          RWqHoCWEPI.exeGet hashmaliciousNjratBrowse
                                                                            OUXkIxeP6k.exeGet hashmaliciousNjratBrowse
                                                                              eI43OwXSvq.exeGet hashmaliciousNjratBrowse
                                                                                18.157.68.73Ve0c8i5So2.exeGet hashmaliciousNjratBrowse
                                                                                  b8UsrDOVGV.exeGet hashmaliciousNjratBrowse
                                                                                    81Rz15POL6.exeGet hashmaliciousNjratBrowse
                                                                                      649DB66A36E095B16832637A31D3CCC75040C5A6C23F6.exeGet hashmaliciousNjratBrowse
                                                                                        RWqHoCWEPI.exeGet hashmaliciousNjratBrowse
                                                                                          VBUXm77rfL.exeGet hashmaliciousNjratBrowse
                                                                                            1UGdjTlX5v.exeGet hashmaliciousNjratBrowse
                                                                                              kXghM8bJcm.exeGet hashmaliciousNjratBrowse
                                                                                                eI43OwXSvq.exeGet hashmaliciousNjratBrowse
                                                                                                  p0zYXkMETE.exeGet hashmaliciousNjratBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                    No context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\Desktop\NjRat 0.7D Green Edition\NjRat 0.7D Green Edition by im523.exe | X2s67U04zU.exe | Get hash | malicious | DCRat | Browse |
C:\Users\user\Desktop\NjRat 0.7D Green Edition\Plugin\cam.dll | ZikuRAT VIP.7z | Get hash | malicious | Njrat | Browse |
                                                                                                        Process:C:\Users\user\Desktop\NjRAT.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):525
                                                                                                        Entropy (8bit):5.259753436570609
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                                                                                        MD5:260E01CC001F9C4643CA7A62F395D747
                                                                                                        SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                                                                                        SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                                                                                        SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):525
                                                                                                        Entropy (8bit):5.259753436570609
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                                                                                                        MD5:260E01CC001F9C4643CA7A62F395D747
                                                                                                        SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                                                                                                        SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                                                                                                        SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                                                                                                        Malicious:false
                                                                                                        Reputation:moderate, very likely benign file
                                                                                                        Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..
                                                                                                        Process:C:\Users\user\Desktop\NjRAT.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37888
                                                                                                        Entropy (8bit):5.57381833845709
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:TpUDMmUbCv/cPByrUvSXrM+rMRa8Nuuut:T2DcbW05KUqI+gRJNd
                                                                                                        MD5:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        SHA1:E1CA2E74E7F873584E6B6D1D0F3D1D2DABC5713A
                                                                                                        SHA-256:0C41F773D5ABFFD1C52F008C3F144155CB7E331816A5C3AF1FC42683EAB51263
                                                                                                        SHA-512:AB2FD5CC9DA5F8FB2C8836A9063D8C15DB64847A6028F7AC0B330305D24905F8025BBE5CB02C7DE5BD0EE63B0173203D496292887AB90926BA4082AC066F5508
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: ditekSHen
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37888
                                                                                                        Entropy (8bit):5.57381833845709
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:TpUDMmUbCv/cPByrUvSXrM+rMRa8Nuuut:T2DcbW05KUqI+gRJNd
                                                                                                        MD5:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        SHA1:E1CA2E74E7F873584E6B6D1D0F3D1D2DABC5713A
                                                                                                        SHA-256:0C41F773D5ABFFD1C52F008C3F144155CB7E331816A5C3AF1FC42683EAB51263
                                                                                                        SHA-512:AB2FD5CC9DA5F8FB2C8836A9063D8C15DB64847A6028F7AC0B330305D24905F8025BBE5CB02C7DE5BD0EE63B0173203D496292887AB90926BA4082AC066F5508
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\6d90d9a2ca0b357d5f629d5cdbe8d0d2.exe, Author: ditekSHen
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37888
                                                                                                        Entropy (8bit):5.57381833845709
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:TpUDMmUbCv/cPByrUvSXrM+rMRa8Nuuut:T2DcbW05KUqI+gRJNd
                                                                                                        MD5:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        SHA1:E1CA2E74E7F873584E6B6D1D0F3D1D2DABC5713A
                                                                                                        SHA-256:0C41F773D5ABFFD1C52F008C3F144155CB7E331816A5C3AF1FC42683EAB51263
                                                                                                        SHA-512:AB2FD5CC9DA5F8FB2C8836A9063D8C15DB64847A6028F7AC0B330305D24905F8025BBE5CB02C7DE5BD0EE63B0173203D496292887AB90926BA4082AC066F5508
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\Desktop\NjRAT.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\Desktop\NjRAT.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\Desktop\NjRAT.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\Desktop\NjRAT.exe, Author: ditekSHen
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:data
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1296658
                                                                                                        Entropy (8bit):5.9181827752117675
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:24576:X49Ncvb7y4+FFfI12ky0dBRQ3fNLxDKefhoFbQfAACiTQVapg:o9Nhw1vJ83fNLxu2UVa2
                                                                                                        MD5:797B96CC417D0CDE72E5C25D0898E95E
                                                                                                        SHA1:8C63D0CC8A3A09C1FE50C856B8E5170A63D62F13
                                                                                                        SHA-256:8A0675001B5BC63D8389FC7ED80B4A7B0F9538C744350F00162533519E106426
                                                                                                        SHA-512:9BB0C40C83551000577F8CF0B8A7C344BC105328A2C564DF70FABEC978AD267FA42E248C11FB78166855B0816D2EF3EC2C12FE52F8CC0B83E366E46301340882
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):1706496
                                                                                                        Entropy (8bit):5.621851082007528
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:ouicuiPszLSDeMFFFFFFFNPjiRfbljmYpNk1Yt6JwpwqVcTeec7neIjjpL:ouicui0zLSDRPjiRfzUcpcNgD
                                                                                                        MD5:1033C448810D3B507423546432E2F502
                                                                                                        SHA1:2BF9D04F68ED15B957378FB95DAA78C85D5B2B26
                                                                                                        SHA-256:F0C85722B88D1E7A1941BA17551CD5C29AEF99FAD86D78A5631A0F5446B3F580
                                                                                                        SHA-512:AEB964632DFAD41FC383A68ACE0E6BEB152A7075F21A32E449624A27DA5D2A5CCDA0665FBD90597D65D74B0790877BAF6F81336660B1DF4BF38B41CD0BC6CD44
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 87%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: X2s67U04zU.exe, Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):64512
                                                                                                        Entropy (8bit):5.8688535448754715
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:7EoML5LFXbUu5ExN3hep+cx4sKcuxpSe:7ERZxQxep+cx5Kcu3
                                                                                                        MD5:A73EDB60B80A2DFA86735D821BEA7B19
                                                                                                        SHA1:F39A54D7BC25425578A2B800033E4508714A73ED
                                                                                                        SHA-256:7A4977B024D048B71BCC8F1CC65FB06E4353821323F852DC6740B79B9AB75C98
                                                                                                        SHA-512:283E9206D0B56C1F8B0741375CCD0A184410CF89F5F42DFE91E7438C5FD0AC7FA4AFBB84B8B7EA448B3093397552FD3731B9BE74C67B846D946DA486DCF0DF68
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 92%
                                                                                                        Joe Sandbox View:
                                                                                                        • Filename: ZikuRAT VIP.7z, Detection: malicious, Browse
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):24576
                                                                                                        Entropy (8bit):5.599068539501502
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:nok/7+I98wxOatKr3xcNRPKtoMlqfpibcWY2EvHqNiaR6D3sO9:c6oh4RiHlqhi/EvDou
                                                                                                        MD5:73C8A5CD64FCF87186A6A9AC870DF509
                                                                                                        SHA1:7EA0BD1F15D7C8BC8B259B3A409B2CD3B0FE3EEC
                                                                                                        SHA-256:7722206DBA0CFB290F33093F9430CB770A160947001715AE11E6DBBFAEF1C0EE
                                                                                                        SHA-512:B5FAAF370D951BCCD34DA369E970D75C8F038BBFC99CF042C89A4CEB9CC077C1C8FC81318D79180C67373CCA8024D27AABA052D4CEE82A3AEDA8D59AD0AC817D
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 77%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):51200
                                                                                                        Entropy (8bit):5.9117962544447735
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:1536:YmXfC5RemUFTxqPbSiQZrCF1HzGL17d8:YmXfCgFTxq+iQZrGTGL17d8
                                                                                                        MD5:D4C5DDC00F27162FC0947830E0E762B7
                                                                                                        SHA1:7769BE616D752E95D80E167F2EF4CC6B8C3C21FE
                                                                                                        SHA-256:B6FB6B66821E70A27A4750B0CD0393E4EE2603A47FEAC48D6A3D66D1C1CB56D5
                                                                                                        SHA-512:9555F800213F2F4A857B4558AA4D030EDF41485B8366812D5A6B9ADCC77FC21584E30D2DD9CE515846F3A809C85038958CB8174BF362CF6FED97CA99A826E379
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 88%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):29184
                                                                                                        Entropy (8bit):5.664549935875628
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:384:iLa+IgaVdBJfFfZsDNujglHdUky5P6bL2XIadYweVqJE+La7gmlweR9Oq7Bp2RhG:8ZIgYdbfAhdGJ6bL6YT2fO9vca2kSs
                                                                                                        MD5:0CBC2D9703FEEAD9783439E551C2B673
                                                                                                        SHA1:4F8F4ADDD6F9E60598A7F4A191A89A52201394A8
                                                                                                        SHA-256:EA9ECF8723788FEEF6492BF938CDFAB1266A1558DFFE75E1F78A998320F96E39
                                                                                                        SHA-512:06F55B542000E23F5EEBA45EA5FF9FFADDDDD102935E039E4496AF5E5083F257129DAB2F346EEAE4EE864F54DB57D3C73CF6ED1D3568087411203769CF0DDD66
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 91%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):257024
                                                                                                        Entropy (8bit):7.718806258518157
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6144:/e31bXJVFJmShoCKFdZ3aDGjXsCUjguhyUOMO1:WxJ/JmSG9T8CEgdM
                                                                                                        MD5:872401528FC94C90F3DE6658E776CC36
                                                                                                        SHA1:C58E22158774D16831350DE79EB4E1711379E8A6
                                                                                                        SHA-256:3A1CC072EFFD8C38406A6FDDF4D8F49C5366BB0E32071311D90DB669940987CE
                                                                                                        SHA-512:6DA881FB968BA9D9200777A9F19D69220468482F3EAAF687C433790D512DA520F5ADB23441FDC8F3FD10785918EB2864EA3EF32DDB80D2F6665550EA455F4A2F
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 84%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):12288
                                                                                                        Entropy (8bit):5.16289859666362
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:192:3SDU/WQw9hM/BIlbzMmY3CX80B2/mZLks4LX08Lt6dD5DHqKlZTFzfpni48nafL8:3SDOOMJIpIm8/IQs4z08IdD5DvZTFTpM
                                                                                                        MD5:19967E886EDCD2F22F8D4A58C8EA3773
                                                                                                        SHA1:BF6E0E908EAAD659FDD32572E9D73C5476CA26EC
                                                                                                        SHA-256:3E5141C75B7746C0EB2B332082A165DEACB943CEF26BD84668E6B79B47BDFD93
                                                                                                        SHA-512:D471DF3F0D69909E8EF9F947DA62C77C3FF1EB97AC1DD53A74AD09FB4D74EC26C3C22FACC18EC04F26DF3B85B0C70863119F5BAA090B110AB25383FCDB4E9D6E
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 91%
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:RIFF (little-endian) data, WAVE audio, Microsoft PCM, 16 bit, stereo 44100 Hz
                                                                                                        Category:dropped
                                                                                                        Size (bytes):658988
                                                                                                        Entropy (8bit):7.7687372330318425
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:kqqW6lExbQPGUXw7zYmDahneArkGZKatb4TZdXEuH3S28UI:Mz65YQa44kKmLVHiXUI
                                                                                                        MD5:562FB3B4B1B1EAFD2CF107F2E92E0670
                                                                                                        SHA1:CEBF2A65C99E1B2C13D7212BF111BDF0FE5C13CE
                                                                                                        SHA-256:5FF592B183B2C990448F1DCD842A29CFE17A3EAA9956E0135C945C578676344A
                                                                                                        SHA-512:807CD580A04C84FB671C1DFA0FC2B90BBF2428E4727D7FA3956011623CAE5C7E093ACF55D5F0AD325116B729C96E845F06F3FC3007E8048238AACDEA7F21386A
                                                                                                        Malicious:false
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:assembler source, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):408747
                                                                                                        Entropy (8bit):4.3806828177501735
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:12288:YbidABkcrO7qU+1gtxPXEx8V0IC0FcUYpm+0DGG+ld+HkZCpC654tDarkic:s
                                                                                                        MD5:3575ABF7AB346EC4039138FAD1FAB4B7
                                                                                                        SHA1:C5C7B08CFCB707CAB339D966E36DE6C3C97BD7F5
                                                                                                        SHA-256:ED79411707D5A9925F1146E595983804E4EEAFE35E72EB51703908EFF13CC073
                                                                                                        SHA-512:2044D78E20A4D7B8ACBC0EBF61C38176314CCF02A0B009B161530B78658444FAED8304A628938514D98EFFE5EBDD81275E1328F65D98EC3F2E545F9C9DE56179
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\Desktop\NjRat 0.7D Green Edition\Stub.il, Author: Joe Security
                                                                                                        Preview:...// Microsoft (R) .NET Framework IL Disassembler. Version 2.0.50727.42..// Copyright (c) Microsoft Corporation. All rights reserved.........// Metadata version: v2.0.50727...module extern user32...module extern user32.dll...module extern winmm.dll...module extern avicap32.dll...module extern kernel32...module extern ntdll...module extern KERNEL32.DLL...assembly extern mscorlib..{.. .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.... .ver 2:0:0:0..}...assembly extern Microsoft.VisualBasic..{.. .publickeytoken = (B0 3F 5F 7F 11 D5 0A 3A ) // .?_....:.. .ver 8:0:0:0..}...assembly extern System..{.. .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.... .ver 2:0:0:0..}...assembly extern System.Windows.Forms..{.. .publickeytoken = (B7 7A 5C 56 19 34 E0 89 ) // .z\V.4.... .ver 2:0:0:0..}...assembly extern System.Drawing..{.. .publickeytoken = (B0 3F 5F 7F 11 D5 0A 3A )
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):487
                                                                                                        Entropy (8bit):4.968013380130765
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:TMVBd6OjzsbRu9Td8HW/5TiyEGWBRu9TO/STfUpRu9TNNciWkY2x8RTdN9TIHG:TMHdt43O5lEGaN/2UjMNciC2xA5NEG
                                                                                                        MD5:4D18AC38A92D15A64E2B80447B025B7E
                                                                                                        SHA1:5C34374C2DD5AFA92E0489F1D6F86DDE616ACA6C
                                                                                                        SHA-256:835A00D6E7C43DB49AE7B3FA12559F23C2920B7530F4D3F960FD285B42B1EFB5
                                                                                                        SHA-512:72BE79ACD72366B495E0F625A50C9BDF01047BCF5F9EE1E3BDBA10DAB7BD721B0126F429A91D8C80C2434E8BC751DEFDF4C05BDC09D26A871DF1BB2E22E923BF
                                                                                                        Malicious:false
                                                                                                        Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">.. <requestedExecutionLevel level="asInvoker" uiAccess="false"/>.. </requestedPrivileges>.. </security>.. </trustInfo>..</assembly>..
                                                                                                        Process:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):44032
                                                                                                        Entropy (8bit):5.942984156709154
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:LyasDzF2TDSemqD9tGI+ffwj2Au0LVpqmf7KxcOOrYCPTxqPb85:LyaXKemqD9tGI+ffwj2Au0LVpq4KWrlv
                                                                                                        MD5:D4B80052C7B4093E10CE1F40CE74F707
                                                                                                        SHA1:2494A38F1C0D3A0AA9B31CF0650337CACC655697
                                                                                                        SHA-256:59E2AC1B79840274BDFCEF412A10058654E42F4285D732D1487E65E60FFBFB46
                                                                                                        SHA-512:3813B81F741AE3ADB07AE370E817597ED2803680841CCC7549BABB727910C7BFF4F8450670D0CA19A0D09E06F133A1AAEFECF5B5620E1B0BDB6BCD409982C450
                                                                                                        Malicious:true
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 74%
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        File Type:Microsoft Windows Autorun file
                                                                                                        Category:dropped
                                                                                                        Size (bytes):50
                                                                                                        Entropy (8bit):4.320240000427043
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:3:It1KV2LKMACovK0x:e1KzxvD
                                                                                                        MD5:5B0B50BADE67C5EC92D42E971287A5D9
                                                                                                        SHA1:90D5C99143E7A56AD6E5EE401015F8ECC093D95A
                                                                                                        SHA-256:04DDE2489D2D2E6846D42250D813AB90B5CA847D527F8F2C022E6C327DC6DB53
                                                                                                        SHA-512:C064DC3C4185A38D1CAEBD069ACB9FDBB85DFB650D6A241036E501A09BC89FD06E267BE9D400D20E6C14B4068473D1C6557962E8D82FDFD191DB7EABB6E66821
                                                                                                        Malicious:true
                                                                                                        Preview:[autorun]..open=C:\svchost.exe..shellexecute=C:\..
                                                                                                        Process:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                        Category:dropped
                                                                                                        Size (bytes):37888
                                                                                                        Entropy (8bit):5.57381833845709
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:768:TpUDMmUbCv/cPByrUvSXrM+rMRa8Nuuut:T2DcbW05KUqI+gRJNd
                                                                                                        MD5:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        SHA1:E1CA2E74E7F873584E6B6D1D0F3D1D2DABC5713A
                                                                                                        SHA-256:0C41F773D5ABFFD1C52F008C3F144155CB7E331816A5C3AF1FC42683EAB51263
                                                                                                        SHA-512:AB2FD5CC9DA5F8FB2C8836A9063D8C15DB64847A6028F7AC0B330305D24905F8025BBE5CB02C7DE5BD0EE63B0173203D496292887AB90926BA4082AC066F5508
                                                                                                        Malicious:true
                                                                                                        Yara Hits:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\svchost.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\svchost.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\svchost.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\svchost.exe, Author: ditekSHen
                                                                                                        Antivirus:
                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                        • Antivirus: ReversingLabs, Detection: 100%
                                                                                                        Process:C:\Windows\SysWOW64\netsh.exe
                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                        Category:dropped
                                                                                                        Size (bytes):313
                                                                                                        Entropy (8bit):4.971939296804078
                                                                                                        Encrypted:false
                                                                                                        SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                                                                                                        MD5:689E2126A85BF55121488295EE068FA1
                                                                                                        SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                                                                                                        SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                                                                                                        SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                                                                                                        Malicious:false
                                                                                                        Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....
                                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                        Entropy (8bit):7.781884237983846
                                                                                                        TrID:
                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                        File name:f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        File size:2'388'170 bytes
                                                                                                        MD5:e4631d6e2fee44de27d84aff1ce7c7a5
                                                                                                        SHA1:d16bc9a9e7249e8f5b519cabbaafa0f1462bccdd
                                                                                                        SHA256:008478ff6c70392e5ecf933881df2c44f31fdf76ad88c407191233cb39de6528
                                                                                                        SHA512:fdba6e4c6ce13996f05bfa0680383c809b177aedbd300ce42e7f378fd8ad1a1b2cfbc6342b5f0f64d03142bc25f3cf538829cbd01c539ec4c1477121b8f6e8be
                                                                                                        SSDEEP:49152:x842+3u+OurHvP4yU222Yd/2bIKxwc6XfnVmAfIg39EJ:x8gTdrHvPfRn8ulx36PrNQ
                                                                                                        TLSH:AAB51201BB9595F2D5632976F928EF30DA6CEC501E20C69B63D04D1B7DB81C2E921BE3
                                                                                                        Icon Hash:10dad45854447230
                                                                                                        Entrypoint:0x41eef0
                                                                                                        Entrypoint Section:.text
                                                                                                        Digitally signed:false
                                                                                                        Imagebase:0x400000
                                                                                                        Subsystem:windows gui
                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                        Time Stamp:0x60C329FF [Fri Jun 11 09:16:47 2021 UTC]
                                                                                                        TLS Callbacks:
                                                                                                        CLR (.Net) Version:
                                                                                                        OS Version Major:5
                                                                                                        OS Version Minor:1
                                                                                                        File Version Major:5
                                                                                                        File Version Minor:1
                                                                                                        Subsystem Version Major:5
                                                                                                        Subsystem Version Minor:1
                                                                                                        Import Hash:fcf1390e9ce472c7270447fc5c61a0c1
                                                                                                        Programming Language:
                                                                                                        • [ C ] VS2008 SP1 build 30729
                                                                                                        • [IMP] VS2008 SP1 build 30729
                                                                                                        • [C++] VS2015 UPD3.1 build 24215
                                                                                                        • [EXP] VS2015 UPD3.1 build 24215
                                                                                                        • [RES] VS2015 UPD3 build 24213
                                                                                                        • [LNK] VS2015 UPD3.1 build 24215
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x3c830 | 0x34 | .rdata
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3c864 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x63000 | 0x2a488 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x8e000 | 0x227c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3aac0 | 0x54 | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x35508 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x33000 | 0x260 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x3bdc4 | 0x120 | .rdata
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x313ba | 0x31400 | 675b3d32e0449f24d266c11fd42c4e23 | False | 0.5840141180203046 | data | 6.709807872238317 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x33000 | 0xa622 | 0xa800 | d1ae5a0175dfb925fc91111d5aee7a6c | False | 0.45317150297619047 | data | 5.222677614328155 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x23728 | 0x1000 | 201530c9e56f172adf2473053298d48f | False | 0.36767578125 | data | 3.7088186669877685 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.didat | 0x62000 | 0x18c | 0x200 | b7f0feda7ab6671cb8b44734d1fc4180 | False | 0.447265625 | data | 3.3554341882340144 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x63000 | 0x2a488 | 0x2a600 | 87b3bf4b958520f3b63cbea914fae3e1 | False | 0.1132121128318584 | data | 2.6898752697340647 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x8e000 | 0x227c | 0x2400 | c4082250c29091b2a6f872d68c8d91ff | False | 0.7757161458333334 | data | 6.564176621980741 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
PNG | 0x63524 | 0xb45 | PNG image data, 93 x 302, 8-bit/color RGB, non-interlaced | English | United States | 1.0027729636048528
PNG | 0x6406c | 0x15a9 | PNG image data, 186 x 604, 8-bit/color RGB, non-interlaced | English | United States | 0.9363390441839495
RT_ICON | 0x65618 | 0x25b48 | Device independent bitmap graphic, 187 x 400 x 32, image size 149600 | | | 0.049074074074074076
RT_DIALOG | 0x8b160 | 0x286 | data | English | United States | 0.5092879256965944
RT_DIALOG | 0x8b3e8 | 0x13a | data | English | United States | 0.60828025477707
RT_DIALOG | 0x8b524 | 0xec | data | English | United States | 0.6991525423728814
RT_DIALOG | 0x8b610 | 0x12e | data | English | United States | 0.5927152317880795
RT_DIALOG | 0x8b740 | 0x338 | data | English | United States | 0.45145631067961167
RT_DIALOG | 0x8ba78 | 0x252 | data | English | United States | 0.5757575757575758
RT_STRING | 0x8bccc | 0x1e2 | data | English | United States | 0.3900414937759336
RT_STRING | 0x8beb0 | 0x1cc | data | English | United States | 0.4282608695652174
RT_STRING | 0x8c07c | 0x1b8 | data | English | United States | 0.45681818181818185
RT_STRING | 0x8c234 | 0x146 | data | English | United States | 0.5153374233128835
RT_STRING | 0x8c37c | 0x446 | data | English | United States | 0.340036563071298
RT_STRING | 0x8c7c4 | 0x166 | data | English | United States | 0.49162011173184356
RT_STRING | 0x8c92c | 0x152 | data | English | United States | 0.5059171597633136
RT_STRING | 0x8ca80 | 0x10a | data | English | United States | 0.49624060150375937
RT_STRING | 0x8cb8c | 0xbc | data | English | United States | 0.6329787234042553
RT_STRING | 0x8cc48 | 0xd6 | data | English | United States | 0.5747663551401869
RT_GROUP_ICON | 0x8cd20 | 0x14 | data | | | 1.2
RT_MANIFEST | 0x8cd34 | 0x753 | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.3957333333333333
DLL | Import
KERNEL32.dll | GetLastError, SetLastError, FormatMessageW, GetCurrentProcess, DeviceIoControl, SetFileTime, CloseHandle, CreateDirectoryW, RemoveDirectoryW, CreateFileW, DeleteFileW, CreateHardLinkW, GetShortPathNameW, GetLongPathNameW, MoveFileW, GetFileType, GetStdHandle, WriteFile, ReadFile, FlushFileBuffers, SetEndOfFile, SetFilePointer, SetFileAttributesW, GetFileAttributesW, FindClose, FindFirstFileW, FindNextFileW, GetVersionExW, GetCurrentDirectoryW, GetFullPathNameW, FoldStringW, GetModuleFileNameW, GetModuleHandleW, FindResourceW, FreeLibrary, GetProcAddress, GetCurrentProcessId, ExitProcess, SetThreadExecutionState, Sleep, LoadLibraryW, GetSystemDirectoryW, CompareStringW, AllocConsole, FreeConsole, AttachConsole, WriteConsoleW, GetProcessAffinityMask, CreateThread, SetThreadPriority, InitializeCriticalSection, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, SetEvent, ResetEvent, ReleaseSemaphore, WaitForSingleObject, CreateEventW, CreateSemaphoreW, GetSystemTime, SystemTimeToTzSpecificLocalTime, TzSpecificLocalTimeToSystemTime, SystemTimeToFileTime, FileTimeToLocalFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetCPInfo, IsDBCSLeadByte, MultiByteToWideChar, WideCharToMultiByte, GlobalAlloc, LockResource, GlobalLock, GlobalUnlock, GlobalFree, LoadResource, SizeofResource, SetCurrentDirectoryW, GetExitCodeProcess, GetLocalTime, GetTickCount, MapViewOfFile, UnmapViewOfFile, CreateFileMappingW, OpenFileMappingW, GetCommandLineW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, GetTempPathW, MoveFileExW, GetLocaleInfoW, GetTimeFormatW, GetDateFormatW, GetNumberFormatW, SetFilePointerEx, GetConsoleMode, GetConsoleCP, HeapSize, SetStdHandle, GetProcessHeap, RaiseException, GetSystemInfo, VirtualProtect, VirtualQuery, LoadLibraryExA, IsProcessorFeaturePresent, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, QueryPerformanceCounter, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, TerminateProcess, RtlUnwind, EncodePointer, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, LoadLibraryExW, QueryPerformanceFrequency, GetModuleHandleExW, GetModuleFileNameA, GetACP, HeapFree, HeapAlloc, HeapReAlloc, GetStringTypeW, LCMapStringW, FindFirstFileExA, FindNextFileA, IsValidCodePage, GetOEMCP, GetCommandLineA, GetEnvironmentStringsW, FreeEnvironmentStringsW, DecodePointer
gdiplus.dll | GdiplusShutdown, GdiplusStartup, GdipCreateHBITMAPFromBitmap, GdipCreateBitmapFromStreamICM, GdipCreateBitmapFromStream, GdipDisposeImage, GdipCloneImage, GdipFree, GdipAlloc
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                                                                        2024-12-06T09:49:16.385518+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:16.505973+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:16.745839+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:16.865755+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:16.985572+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:17.136735+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:17.379596+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:17.982962+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:18.103672+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:18.103672+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:18.224405+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:18.841775+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:19.336897+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:19.966160+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:20.569434+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:20.932141+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:21.053035+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:21.641877+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:21.881725+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:22.241755+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:22.241755+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:22.483256+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:22.966665+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:23.207726+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:23.551196+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:24.633916+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:25.031003+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:25.635585+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:26.115675+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:26.235669+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:26.596512+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.203930+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.323711+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.443501+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.563538+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.683336+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.858958+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:27.978730+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:28.461423+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:29.061481+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:29.661431+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:29.901224+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:29.901224+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:30.280113+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:30.913470+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:31.393688+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:32.015061+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:32.856928+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:33.216300+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:33.937596+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:34.065589+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:34.185480+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:34.828220+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:35.911623+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:36.031728+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:36.617593+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:36.617593+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:37.574116+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:37.814932+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:37.934742+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:38.175581+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:38.447737+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:38.811522+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:39.295686+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:39.415502+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:39.780965+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:39.900905+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:40.361752+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:40.601527+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:40.961161+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:40.961161+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:41.084113+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:41.325598+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:41.928897+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:42.049613+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:42.529479+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:42.657647+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:43.138522+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:43.378377+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:43.860951+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:43.987986+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:44.593054+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:44.593054+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:44.713206+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5498653.127.138.5716299TCP
                                                                                                        2024-12-06T09:49:48.097368+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:48.097368+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:48.576892+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:48.696847+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:48.816718+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:48.936521+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:49.194904+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:49.436887+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:50.048816+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:50.168727+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:50.656350+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:50.776325+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:51.349337+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:52.010672+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:53.097597+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:53.457603+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:54.114634+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:54.356134+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:54.476624+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:54.836527+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:55.076751+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:55.196635+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:55.797606+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:56.037600+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:56.371079+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:56.816202+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:56.936509+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:57.177202+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:57.782297+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:58.899118+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:59.019072+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:59.617775+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:59.737810+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:49:59.858159+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.54997718.157.68.7316299TCP
                                                                                                        2024-12-06T09:50:53.075800+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:53.315400+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:53.435904+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:53.556987+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:53.726570+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:54.089766+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:54.704801+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:55.188691+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:55.428336+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:55.791830+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:55.911771+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:56.525263+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:56.765375+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:57.247260+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:57.367150+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:57.749013+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:58.473908+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:58.713895+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:59.120884+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:59.758388+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:50:59.758388+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:00.360947+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:00.969917+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:01.643730+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:01.763645+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:01.883430+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:02.362768+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:02.482698+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:02.968425+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:03.089007+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:03.329714+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:03.569554+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:04.349231+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:04.469169+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:04.589109+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:04.713703+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:04.891110+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:05.134369+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:05.254978+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:05.858580+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:07.092399+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:07.733829+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:08.459087+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:08.818820+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:09.300883+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:09.461100+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:09.890822+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:10.371112+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:10.491055+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:10.970343+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:11.090069+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:11.330025+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:12.036413+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:12.156560+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:12.596139+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:12.716070+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:12.956226+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:13.683688+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:14.289704+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:14.409681+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:14.649508+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:14.832949+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:15.252317+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:15.436455+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:15.556319+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:15.676339+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:15.676339+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:16.042149+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:16.162216+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:16.652636+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:17.256420+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:17.736918+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:17.976572+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:18.696540+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:18.696540+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:19.176351+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:19.784644+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:19.904459+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:20.024997+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:21.106326+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:21.346383+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:21.466243+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:21.587289+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:21.762196+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:22.124327+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:22.244243+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:22.846042+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:23.330598+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:23.450493+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:23.939428+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:24.060238+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:24.427457+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:24.549738+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:24.919796+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.041129+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.311361+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.432874+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.552756+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.793405+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:25.913260+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:26.152977+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:26.273301+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:26.393274+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:26.617136+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:26.737044+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
                                                                                                        2024-12-06T09:51:27.339293+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.5499783.127.138.5716299TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                        Dec 6, 2024 09:48:40.715694904 CET16299497113.126.37.18192.168.2.5
                                                                                                        Dec 6, 2024 09:48:40.716742992 CET4971116299192.168.2.53.126.37.18
                                                                                                        Dec 6, 2024 09:48:40.766618013 CET16299497113.126.37.18192.168.2.5
                                                                                                        Dec 6, 2024 09:48:40.836415052 CET16299497113.126.37.18192.168.2.5
                                                                                                        Dec 6, 2024 09:48:42.950129986 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.069924116 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.070038080 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.073097944 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.192945957 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.193547010 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.313719034 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.314079046 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.433901072 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.434031963 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.553808928 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.557559967 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.858563900 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.893867016 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.895617008 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:43.978542089 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:43.979820967 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.015295982 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.015363932 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.099778891 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.100851059 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.135039091 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.135108948 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.221508026 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.223582029 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.254873991 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.254928112 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.343250036 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.343636990 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.374654055 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.374742031 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:44.463690996 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.494533062 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:44.958733082 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.078656912 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.078855991 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.198606014 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.198688030 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.318667889 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.318746090 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.438895941 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.441540956 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.561362028 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.561450005 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.681185961 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.681257010 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.801084995 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.801300049 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:45.921020031 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:45.921231031 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.040951014 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.041168928 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.160918951 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.161575079 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.281563044 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.281692028 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.401371956 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.401443005 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.521151066 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.521270037 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.640889883 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.641072035 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.760757923 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.760970116 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:46.880646944 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:46.880825043 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.000590086 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.000669956 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.120384932 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.120469093 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.240294933 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.241533995 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.361555099 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.361660957 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.481465101 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.481584072 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.601521015 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.601619959 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.721560001 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.721649885 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.841568947 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.841629028 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:47.961450100 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:47.961530924 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.081336975 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.081584930 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.201638937 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.201778889 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.321732998 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.321825027 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.441771030 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.441853046 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.561682940 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.561836004 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.681519032 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.681767941 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.801456928 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.801740885 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:48.921613932 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:48.921757936 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.043286085 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.043344021 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.163134098 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.163259029 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.283210039 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.285567045 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.405404091 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.405577898 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.525407076 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.525460005 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.645487070 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.645554066 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.765338898 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.765409946 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:49.885127068 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:49.885570049 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.006227016 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.009563923 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.129416943 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.129522085 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.249380112 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.249473095 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.369368076 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.369546890 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.489686012 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.489866972 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.609699965 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.609785080 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.729540110 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.729604959 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.849267006 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.849351883 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:50.969095945 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:50.969237089 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:51.089030981 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:51.089127064 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:51.208832979 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:51.208894968 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:51.329289913 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:51.329348087 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:51.449193001 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:51.773740053 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:51.893640041 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:51.893707991 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.013632059 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.013700008 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.133575916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.133642912 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.254077911 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.254163027 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.373996019 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.374092102 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.493864059 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.493993998 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.613713980 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.613853931 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.733716011 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:48:52.733804941 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:48:52.853535891 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:07.754771948 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:07.774246931 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:07.893990993 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:07.894051075 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.013870955 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.013993025 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.133672953 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.133821964 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.253915071 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.255095959 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.374804020 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.374875069 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.494474888 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.494537115 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.614177942 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.614269972 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.734061003 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.735655069 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.855411053 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.855595112 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:08.975506067 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:08.975589037 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:09.095583916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:09.095647097 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:09.215449095 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:09.215517998 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:09.335242987 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:09.450655937 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:09.572191954 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:09.869479895 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:09.989250898 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:09.989300966 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.109173059 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.109246016 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.228981972 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.229028940 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.348850012 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.348974943 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.468863010 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.468946934 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.588656902 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.588731050 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.708718061 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.708903074 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.828788996 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.828860998 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:10.948597908 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:10.948705912 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.068530083 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.068594933 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.188333035 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.188405991 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.308156013 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.309565067 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.430505037 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.431786060 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.551630974 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.551708937 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.671355963 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.671488047 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.791204929 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.791982889 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:11.911664009 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:11.911741972 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.031415939 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.032036066 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.151937962 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.152024984 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.271789074 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.271949053 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.391711950 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.391825914 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.512145042 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.512222052 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.631954908 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.632128000 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.751893997 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.777806044 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:12.897675037 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:12.897809982 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.017627001 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.017780066 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.137640953 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.137716055 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.257414103 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.257476091 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.377185106 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.377274990 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.497154951 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.497292995 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.617166996 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.617285013 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.737322092 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.737381935 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.857172966 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.857245922 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:13.977050066 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:13.977145910 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.097002029 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.097059011 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.216758013 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.216850042 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.336685896 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.336765051 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.457110882 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.457261086 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.579183102 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.579261065 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.699155092 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.699208975 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.819113970 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.819272041 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:14.939141989 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:14.939251900 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.059084892 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.059179068 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.179001093 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.179074049 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.298902988 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.299773932 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.419507980 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.423623085 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.543430090 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.543517113 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.663275003 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.663366079 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.783196926 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.783873081 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:15.903651953 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:15.903724909 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.023438931 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.023653984 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.145556927 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.145616055 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.265440941 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.265506983 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.385442972 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.385518074 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.505449057 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.505973101 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.625832081 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.625912905 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.745768070 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.745839119 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.865653038 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.865755081 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:16.985493898 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:16.985572100 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.105401039 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.136734962 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.256475925 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.257585049 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.377505064 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.379595995 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.499325037 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.499881983 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.619697094 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.619847059 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.739574909 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.739670992 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.860493898 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:17.863025904 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:17.982794046 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:33.937309980 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:33.937596083 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:34.057343006 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:34.065588951 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:34.185386896 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:34.185480118 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:34.305259943 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:34.828219891 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:34.947962999 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:34.948020935 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.067743063 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.067814112 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.187509060 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.187625885 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.307471037 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.308072090 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.427897930 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.428170919 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.547947884 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.548008919 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.667905092 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.669656038 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.790000916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.791773081 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:35.911550999 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:35.911623001 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.031249046 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.031728029 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.151416063 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.151504993 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.271584988 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.271667957 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.494874954 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.495121002 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.614753962 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.617593050 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.737533092 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.741626978 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.861491919 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:36.861569881 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:36.981416941 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:37.574115992 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:37.693955898 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:37.694024086 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:37.814872026 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:37.814932108 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:37.934676886 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:37.934741974 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.054514885 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.054569960 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.175499916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.175580978 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.295316935 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.447736979 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.567627907 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.571623087 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.691375017 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.691618919 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.811368942 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.811522007 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:38.932792902 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:38.935606003 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.055891037 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.055993080 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.175736904 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.175822020 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.295588970 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.295686007 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.415429115 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.415502071 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.535235882 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.535361052 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.655355930 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.655443907 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.775451899 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.780965090 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:39.900780916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:39.900904894 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.020792007 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.361752033 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.481583118 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.481705904 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.601413965 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.601526976 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.721232891 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.721302986 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.841146946 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.841273069 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:40.961103916 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:40.961160898 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.080951929 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.084112883 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.203867912 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.203959942 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.323734999 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.325598001 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.445372105 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.445558071 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.565347910 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.565598011 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.685550928 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.686078072 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.805847883 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.805911064 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:41.925725937 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:41.928896904 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.048746109 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.049612999 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.169466972 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.169677973 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.289589882 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.289691925 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.409508944 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.409570932 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.529416084 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.529479027 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.649287939 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:42.657646894 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:42.777517080 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.138521910 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.258382082 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.258444071 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.378283024 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.378376961 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.498290062 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.498410940 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.620347977 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.620450974 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.740866899 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.740943909 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.860894918 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.860950947 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:43.980961084 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:43.987986088 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.108623028 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.108707905 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.229645014 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.229762077 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.349745035 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.349900961 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.473117113 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.473197937 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.592987061 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.593054056 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.713145018 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.713206053 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.832974911 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.833127022 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:44.953459978 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:44.953556061 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:45.073355913 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:45.073435068 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:45.194430113 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:45.718492985 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:45.718565941 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:47.734760046 CET4986516299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:49:47.854681015 CET16299498653.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:49:47.969784021 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:49:48.089574099 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:49:48.093692064 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:49:48.097368002 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:49:48.218131065 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:49:48.221657038 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:03.917680025 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.037493944 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.037623882 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.157433987 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.157499075 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.277239084 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.277810097 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.397615910 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.397675991 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.517658949 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.519830942 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.640846968 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:04.640990019 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:04.760802984 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.145618916 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.265377998 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.265456915 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.385272026 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.385334015 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.505100965 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.505188942 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.624953985 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.625010014 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.744606972 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.744668007 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.864383936 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.864476919 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:05.984152079 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:05.984231949 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.104171038 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.104255915 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.224035025 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.224143982 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.344046116 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.345628977 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.465491056 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.465589046 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.585464001 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.585659981 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.705498934 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.705605984 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.825372934 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.825618982 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:06.945441961 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:06.945624113 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.065372944 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.065458059 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.185290098 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.185359001 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.305283070 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.305345058 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.425622940 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.429615021 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.549571037 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.838685989 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:07.958441973 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:07.958503962 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.078402996 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.081685066 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.201713085 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.214417934 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.334353924 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.334415913 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.454159021 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.457731009 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.577470064 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.577548981 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.697315931 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.697722912 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.817429066 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.817537069 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:08.937196016 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:08.937618017 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.057467937 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.057658911 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.177352905 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.177614927 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.298357964 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.300921917 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.420666933 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.420779943 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.540525913 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.541614056 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.661417007 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.661650896 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.781459093 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.781652927 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:09.901428938 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:09.901519060 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.021306038 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.021368980 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.141158104 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.141613007 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.261363029 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.261418104 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.381347895 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.381408930 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.501235962 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.501319885 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.621274948 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.674535990 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.794394016 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.794461012 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:10.914279938 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:10.914333105 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.034125090 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.034177065 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.153965950 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.154097080 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.274013042 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.274137974 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.394548893 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.394656897 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.514404058 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.514501095 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.634630919 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.650150061 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.770199060 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.770302057 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:11.890357018 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:11.890450954 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.010525942 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.010658979 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.131218910 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.131293058 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.252031088 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.252091885 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.374322891 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.374438047 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.496572018 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.496690035 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.616540909 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.616622925 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.736490965 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.736572027 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.856420040 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.856472015 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:12.976239920 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:12.976296902 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.096509933 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.096632957 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.216510057 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.216603041 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.336365938 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.336446047 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.456267118 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.456343889 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.576241970 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.576309919 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.696058035 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.696176052 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.815948963 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.816066027 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:13.935947895 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:13.936018944 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:14.056181908 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:14.056250095 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:14.176546097 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:14.176603079 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:14.296335936 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:14.296442032 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:14.416218042 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:14.419733047 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.119208097 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.242278099 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.242425919 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.362982035 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.363061905 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.482891083 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.496923923 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.616928101 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.617023945 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.736871958 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.737087011 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.857125998 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.857367992 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:29.977317095 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:29.977399111 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.099678993 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.099740028 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.219562054 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.219633102 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.339549065 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.339679956 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.459481955 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.460166931 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.580003023 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.580089092 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.700234890 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.702425003 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.822283030 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.822362900 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:30.942116022 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:30.942322016 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:31.062138081 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:31.062237024 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:31.182024956 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:31.182600975 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:31.302423954 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:31.304338932 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:31.424176931 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:31.424307108 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:31.544229984 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:31.928158998 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.048178911 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.048325062 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.168155909 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.168210983 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.287982941 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.288058996 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.449057102 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.449719906 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.606812000 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.606920004 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.726655006 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.726733923 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.846482038 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.851563931 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:32.971332073 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:32.973685980 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.093677998 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.097675085 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.217464924 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.217660904 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.338406086 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.338474989 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.458127975 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.458210945 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.578020096 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.578154087 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.697937965 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.698072910 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.819215059 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.819328070 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:33.939028978 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:33.939089060 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:34.058919907 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:34.058976889 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:34.178673029 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:34.178749084 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:34.298729897 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:34.691715956 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:34.811497927 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:34.811619043 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:34.931308985 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:34.931512117 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.051269054 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.051335096 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.171089888 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.171154022 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.290810108 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.366595984 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.486426115 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.486505032 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.606283903 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.609683990 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.729326010 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.729702950 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.849493980 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:35.849682093 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:35.969352961 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.003318071 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.123233080 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.123306990 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.243012905 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.243803024 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.363523960 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.363671064 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.483480930 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.483573914 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.603537083 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.603622913 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.723392010 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:36.723534107 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:36.843487024 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:37.395158052 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:37.514874935 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:37.514936924 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:37.634705067 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:37.634821892 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:37.755759001 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:37.755835056 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:37.875586033 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:37.880136967 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.002034903 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.002141953 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.122138977 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.122359037 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.242275953 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.242453098 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.362226963 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.362330914 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.482219934 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.483406067 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.603230953 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.603324890 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.723155975 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.723786116 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.843573093 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.843820095 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:38.963656902 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:38.963766098 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.083718061 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.083827972 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.219007015 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.219223976 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.338999033 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.341658115 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.461657047 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.461819887 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.581715107 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.581787109 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.701651096 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.701740980 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.821471930 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.821567059 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:39.941442966 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:39.941526890 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:40.061405897 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:40.061534882 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:40.181318998 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:40.181397915 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:40.301192045 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:40.301260948 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:40.421241999 CET162994997718.157.68.73192.168.2.5
                                                                                                        Dec 6, 2024 09:50:40.421356916 CET4997716299192.168.2.518.157.68.73
                                                                                                        Dec 6, 2024 09:50:56.885380983 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.006143093 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.006227016 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.125989914 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.126101971 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.247150898 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.247260094 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.367098093 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.367150068 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.487004042 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.489684105 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.609580040 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.609684944 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.729619980 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.749012947 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.868962049 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.869033098 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:57.989115953 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:57.989201069 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.109292030 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.109693050 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.229450941 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.233676910 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.353455067 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.353543043 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.473829031 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.473907948 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.593794107 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.593869925 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.713788033 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.713895082 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.833765984 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.833981991 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:58.953871012 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:58.953958035 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.073729992 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.120883942 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.241904974 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.241974115 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.361737967 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.361874104 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.481775999 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.481987953 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.601857901 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.601939917 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.721951962 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.758388042 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.878345966 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.878427029 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:50:59.998244047 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:50:59.998527050 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.118266106 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.118452072 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.238359928 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.238423109 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.358244896 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.360946894 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.480762005 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.480834961 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.600786924 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.600960970 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.720837116 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.720952988 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.841234922 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.841331959 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:00.969789028 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:00.969917059 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:01.089812040 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:01.643729925 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:01.763583899 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:01.763644934 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:01.883364916 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:01.883430004 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.003130913 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.003225088 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.123009920 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.123151064 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.242894888 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.242968082 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.362685919 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.362767935 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.482625008 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.482697964 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.602615118 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.605731010 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.725572109 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.725737095 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.845567942 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.845747948 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:02.966336012 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:02.968425035 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.088324070 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:03.089006901 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.208760977 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:03.208842039 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.328578949 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:03.329714060 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.449568033 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:03.449739933 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.569485903 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:03.569554090 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:03.689399958 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:04.349231005 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:04.469084978 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:04.469168901 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:04.589025974 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:04.589108944 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:04.710321903 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:04.713702917 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:04.833518028 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:04.891109943 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.011468887 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.013763905 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.133663893 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.134368896 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.254379988 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.254977942 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.374722958 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.377681017 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.497558117 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.497699022 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.617877007 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.618041039 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.737920046 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.738018036 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.858480930 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.858580112 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:05.978442907 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:05.978518963 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:06.098201990 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:06.098351955 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:06.218101978 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:06.218256950 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:06.337946892 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:06.338037968 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:06.457940102 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.092398882 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.212127924 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.212191105 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.332097054 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.332174063 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.492264032 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.492331028 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.612117052 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.613738060 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.733766079 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.733829021 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.853555918 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.853705883 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:07.973469019 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:07.973565102 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.093535900 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.095263958 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.215027094 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.215735912 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.335520029 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.337688923 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.457485914 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.459086895 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.578838110 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.579015970 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:08.698761940 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:08.698821068 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:23.210427046 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:23.330517054 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:23.330598116 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:23.450428009 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:23.450493097 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:23.570173025 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:23.939428091 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:24.059240103 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:24.060237885 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:24.180183887 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:24.427457094 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:24.547271967 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:24.549737930 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:24.669553995 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:24.919795990 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.039683104 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.041129112 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.161022902 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.311361074 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.431245089 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.432873964 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.552615881 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.552756071 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.672493935 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.672574043 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.793339968 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.793405056 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:25.913203955 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:25.913259983 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.033034086 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.033174992 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.152911901 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.152976990 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.273237944 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.273300886 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.393167973 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.393274069 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.513082027 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.617136002 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.736979008 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.737044096 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.856939077 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.857098103 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:26.976857901 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:26.977025986 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.098998070 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.099163055 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.219186068 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.219259024 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.339241028 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.339293003 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.460037947 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.460131884 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.580382109 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.580476999 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.700351000 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.700459957 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.820682049 CET16299499783.127.138.57192.168.2.5
                                                                                                        Dec 6, 2024 09:51:27.820775986 CET4997816299192.168.2.53.127.138.57
                                                                                                        Dec 6, 2024 09:51:27.940722942 CET16299499783.127.138.57192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 6, 2024 09:47:37.414025068 CET | 59163 | 53 | 192.168.2.5 | 1.1.1.1
Dec 6, 2024 09:47:37.911210060 CET | 53 | 59163 | 1.1.1.1 | 192.168.2.5
Dec 6, 2024 09:48:42.720762968 CET | 60727 | 53 | 192.168.2.5 | 1.1.1.1
Dec 6, 2024 09:48:42.949074030 CET | 53 | 60727 | 1.1.1.1 | 192.168.2.5
Dec 6, 2024 09:49:47.736398935 CET | 56313 | 53 | 192.168.2.5 | 1.1.1.1
Dec 6, 2024 09:49:47.968624115 CET | 53 | 56313 | 1.1.1.1 | 192.168.2.5
Dec 6, 2024 09:50:52.719913006 CET | 64977 | 53 | 192.168.2.5 | 1.1.1.1
Dec 6, 2024 09:50:52.948474884 CET | 53 | 64977 | 1.1.1.1 | 192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 6, 2024 09:47:37.414025068 CET | 192.168.2.5 | 1.1.1.1 | 0x27cf | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:48:42.720762968 CET | 192.168.2.5 | 1.1.1.1 | 0x1950 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:49:47.736398935 CET | 192.168.2.5 | 1.1.1.1 | 0xd481 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:50:52.719913006 CET | 192.168.2.5 | 1.1.1.1 | 0x32 | Standard query (0) | 2.tcp.eu.ngrok.io | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 09:47:37.911210060 CET | 1.1.1.1 | 192.168.2.5 | 0x27cf | No error (0) | 2.tcp.eu.ngrok.io |  | 3.126.37.18 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:48:42.949074030 CET | 1.1.1.1 | 192.168.2.5 | 0x1950 | No error (0) | 2.tcp.eu.ngrok.io |  | 3.127.138.57 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:49:47.968624115 CET | 1.1.1.1 | 192.168.2.5 | 0xd481 | No error (0) | 2.tcp.eu.ngrok.io |  | 18.157.68.73 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 09:50:52.948474884 CET | 1.1.1.1 | 192.168.2.5 | 0x32 | No error (0) | 2.tcp.eu.ngrok.io |  | 3.127.138.57 | A (IP address) | IN (0x0001) | false

                                                                                                        Target ID:0
                                                                                                        Start time:03:47:19
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe"
                                                                                                        Imagebase:0x10000
                                                                                                        File size:2'388'170 bytes
                                                                                                        MD5 hash:E4631D6E2FEE44DE27D84AFF1CE7C7A5
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000003.2084844156.0000000006BD3000.00000004.00000020.00020000.00000000.sdmp, Author: Brian Wallace @botnet_hunter
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:2
                                                                                                        Start time:03:47:20
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\Desktop\NjRAT.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\Desktop\NjRAT.exe"
                                                                                                        Imagebase:0x10000
                                                                                                        File size:37'888 bytes
                                                                                                        MD5 hash:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: 00000002.00000000.2090189709.0000000000012000.00000002.00000001.01000000.00000009.sdmp, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\Desktop\NjRAT.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\Desktop\NjRAT.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\Desktop\NjRAT.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\Desktop\NjRAT.exe, Author: ditekSHen
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 100%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:3
                                                                                                        Start time:03:47:20
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Windows\System32\rundll32.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                                        Imagebase:0x7ff7a2c50000
                                                                                                        File size:71'680 bytes
                                                                                                        MD5 hash:EF3179D498793BF4234F708D3BE28633
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:4
                                                                                                        Start time:03:47:27
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\svchost.exe"
                                                                                                        Imagebase:0x5f0000
                                                                                                        File size:37'888 bytes
                                                                                                        MD5 hash:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Yara matches:
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000004.00000002.4555101041.0000000003281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                        • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: Joe Security
                                                                                                        • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: unknown
                                                                                                        • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: Brian Wallace @botnet_hunter
                                                                                                        • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Local\Temp\svchost.exe, Author: ditekSHen
                                                                                                        Antivirus matches:
                                                                                                        • Detection: 100%, Avira
                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                        • Detection: 100%, ReversingLabs
                                                                                                        Reputation:low
                                                                                                        Has exited:false

                                                                                                        Target ID:5
                                                                                                        Start time:03:47:34
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\netsh.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Local\Temp\svchost.exe" "svchost.exe" ENABLE
                                                                                                        Imagebase:0x1080000
                                                                                                        File size:82'432 bytes
                                                                                                        MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:6
                                                                                                        Start time:03:47:34
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:7
                                                                                                        Start time:03:47:34
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:taskkill /F /IM ProcessHacker.exe
                                                                                                        Imagebase:0x690000
                                                                                                        File size:74'240 bytes
                                                                                                        MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:8
                                                                                                        Start time:03:47:34
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                        Wow64 process (32bit):false
                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                        Imagebase:0x7ff6d64d0000
                                                                                                        File size:862'208 bytes
                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                        Has elevated privileges:true
                                                                                                        Has administrator privileges:true
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:high
                                                                                                        Has exited:true

                                                                                                        Target ID:10
                                                                                                        Start time:03:47:42
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                                                                                        Imagebase:0xa70000
                                                                                                        File size:37'888 bytes
                                                                                                        MD5 hash:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:11
                                                                                                        Start time:03:47:50
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                                                                                        Imagebase:0x660000
                                                                                                        File size:37'888 bytes
                                                                                                        MD5 hash:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                        Target ID:12
                                                                                                        Start time:03:47:59
                                                                                                        Start date:06/12/2024
                                                                                                        Path:C:\Users\user\AppData\Local\Temp\svchost.exe
                                                                                                        Wow64 process (32bit):true
                                                                                                        Commandline:"C:\Users\user\AppData\Local\Temp\svchost.exe" ..
                                                                                                        Imagebase:0xa20000
                                                                                                        File size:37'888 bytes
                                                                                                        MD5 hash:5C02E4B0AD99D924AA9EED7D706BFE12
                                                                                                        Has elevated privileges:false
                                                                                                        Has administrator privileges:false
                                                                                                        Programmed in:C, C++ or other language
                                                                                                        Reputation:low
                                                                                                        Has exited:true

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:9.8%
                                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                                          Signature Coverage:9.9%
                                                                                                          Total number of Nodes:1560
                                                                                                          Total number of Limit Nodes:35
22dd7 75 API calls 4 library calls 24989->25037 24993 2301d 24994->24966 24994->24994 24996 1ac85 24995->24996 24998 1ac8f 24995->24998 24997 2e512 new 8 API calls 24996->24997 24997->24998 24998->24968 25000 19481 __EH_prolog 24999->25000 25040 17eec 25000->25040 25003 11380 78 API calls 25004 19493 25003->25004 25043 1cc70 25004->25043 25006 194a5 25007 194ed 25006->25007 25008 1cc70 117 API calls 25006->25008 25052 1ce55 97 API calls __vsnwprintf_l 25006->25052 25007->24976 25008->25006 25010->24958 25011->24978 25012->24961 25014 1cbb6 25013->25014 25015 1cbc8 25013->25015 25053 161c9 83 API calls 25014->25053 25054 161c9 83 API calls 25015->25054 25018 1cbc0 25018->24963 25020 22b56 25019->25020 25021 22b7f 25019->25021 25023 22b75 25020->25023 25024 22b6b 25020->25024 25027 22b73 25020->25027 25021->25027 25069 25120 122 API calls 2 library calls 25021->25069 25068 25e38 117 API calls 25023->25068 25055 26887 25024->25055 25027->24976 25028->24978 25031 21df9 25029->25031 25030 21e12 25070 20a36 86 API calls 25030->25070 25031->25030 25034 21e26 25031->25034 25033 21e19 25033->25034 25035->24958 25036->24985 25037->24994 25038->24987 25039->24993 25041 1aee5 GetVersionExW 25040->25041 25042 17ef1 25041->25042 25042->25003 25046 1cc86 __vsnwprintf_l 25043->25046 25044 1cdfb 25045 1ce23 25044->25045 25047 1cc0f 6 API calls 25044->25047 25048 20957 SetThreadExecutionState RaiseException 25045->25048 25046->25044 25049 286fd 102 API calls 25046->25049 25050 1cdf2 25046->25050 25051 1ad60 91 API calls 25046->25051 25047->25045 25048->25050 25049->25046 25050->25006 25051->25046 25052->25006 25053->25018 25054->25018 25056 230c9 75 API calls 25055->25056 25057 26898 ___BuildCatchObject __vsnwprintf_l 25056->25057 25058 1cc70 117 API calls 25057->25058 25059 26c6a 25057->25059 25062 20d11 81 API calls 25057->25062 25063 23a02 117 API calls 25057->25063 25064 26cbc 117 API calls 25057->25064 25065 20acc 88 API calls 25057->25065 25066 23476 98 API calls 25057->25066 
25067 272ff 122 API calls 25057->25067 25058->25057 25060 24df4 98 API calls 25059->25060 25061 26c7a __vsnwprintf_l 25060->25061 25061->25027 25062->25057 25063->25057 25064->25057 25065->25057 25066->25057 25067->25057 25068->25027 25069->25027 25070->25033 25071->24789 25072->24789 25073->24787 25075 15dca 25074->25075 25149 15ce7 25075->25149 25078 15dfd 25079 15e40 25078->25079 25080 15e35 25078->25080 25154 1af55 CompareStringW CharUpperW CompareStringW 25078->25154 25079->25080 25155 20104 CompareStringW 25079->25155 25080->24801 25083 18417 25082->25083 25161 21ab5 CharUpperW 25083->25161 25085 184c1 25085->24804 25087 17ea1 25086->25087 25088 17ee1 25087->25088 25162 170b8 74 API calls 25087->25162 25088->24813 25090 17ed9 25163 16d41 74 API calls 25090->25163 25093 18056 25092->25093 25094 1823a 25093->25094 25095 1a3fa 9 API calls 25093->25095 25094->24817 25096 18093 25095->25096 25097 1a373 4 API calls 25096->25097 25099 181de 25096->25099 25098 180a3 25097->25098 25100 180e5 25098->25100 25102 1a387 4 API calls 25098->25102 25099->25094 25164 1a49e 25099->25164 25101 1a1ef 9 API calls 25100->25101 25124 1817a 25100->25124 25103 1810c 25101->25103 25106 180b1 25102->25106 25105 1a3fa 9 API calls 25103->25105 25108 18129 25105->25108 25106->25100 25180 19508 98 API calls 25106->25180 25108->25099 25108->25124 25181 16d41 74 API calls 25108->25181 25110 18247 25182 16d72 74 API calls 25110->25182 25111 181c6 25111->25099 25113 1a637 4 API calls 25111->25113 25113->25099 25114 18253 25183 17002 76 API calls 25114->25183 25116 18148 25117 1a373 4 API calls 25116->25117 25118 18166 25117->25118 25119 1a387 4 API calls 25118->25119 25121 18170 25118->25121 25119->25121 25120 1a1ef 9 API calls 25122 18197 25120->25122 25121->25120 25121->25124 25123 1a3fa 9 API calls 25122->25123 25123->25124 25124->25099 25124->25110 25124->25111 25125->24867 25127 19f13 25126->25127 25130 19f22 25126->25130 25128 19f19 FlushFileBuffers 25127->25128 25127->25130 25128->25130 
25129 19f9b SetFileTime 25129->24871 25130->25129 25131->24793 25132->24795 25133->24805 25134->24813 25135->24813 25136->24810 25137->24818 25138->24818 25139->24837 25140->24825 25141->24839 25142->24862 25143->24862 25144->24862 25145->24862 25146->24865 25147->24874 25148->24820 25156 15be4 25149->25156 25152 15be4 3 API calls 25153 15d08 25152->25153 25153->25078 25154->25078 25155->25080 25157 15bee 25156->25157 25159 15cd6 25157->25159 25160 1af55 CompareStringW CharUpperW CompareStringW 25157->25160 25159->25152 25159->25153 25160->25157 25161->25085 25162->25090 25163->25088 25165 1a4a8 25164->25165 25166 1a387 4 API calls 25165->25166 25167 1a50c 25166->25167 25169 1a637 4 API calls 25167->25169 25171 1a527 CreateFileW 25167->25171 25169->25171 25170 1a553 25172 1b85c 2 API calls 25170->25172 25171->25170 25177 1a59b 25171->25177 25173 1a569 25172->25173 25174 1a571 CreateFileW 25173->25174 25175 1a62a 25173->25175 25174->25175 25174->25177 25175->25094 25176 1a5d4 SetFileTime CloseHandle 25176->25175 25178 1a61a 25176->25178 25177->25176 25179 1a637 4 API calls 25178->25179 25179->25175 25180->25100 25181->25116 25182->25114 25183->25099 25186 1a7f1 25185->25186 25187 1a884 FindNextFileW 25186->25187 25188 1a814 FindFirstFileW 25186->25188 25190 1a8a3 25187->25190 25191 1a88f GetLastError 25187->25191 25189 1a82b 25188->25189 25196 1a868 25188->25196 25192 1b85c 2 API calls 25189->25192 25190->25196 25191->25190 25193 1a840 25192->25193 25194 1a844 FindFirstFileW 25193->25194 25195 1a85d GetLastError 25193->25195 25194->25195 25194->25196 25195->25196 25196->24739 25197->24570 25198->24579 25199->24579 25200->24582 25201->24587 25203 1a097 78 API calls 25202->25203 25204 11f7b 25203->25204 25205 119c6 100 API calls 25204->25205 25208 11f98 25204->25208 25206 11f88 25205->25206 25206->25208 25209 16d41 74 API calls 25206->25209 25208->24596 25208->24597 25209->25208 25287 1ed73 FreeLibrary 25288 2ed70 27 API calls pre_c_initialization 25289 2bb70 93 API 
calls _swprintf 25234 3ec70 51 API calls 25235 35a70 QueryPerformanceFrequency QueryPerformanceCounter 25290 3a170 31 API calls 2 library calls 25291 39f70 71 API calls _free 25236 11075 85 API calls pre_c_initialization 23222 2ed82 23223 2ed8e CallCatchBlock 23222->23223 23248 2e87a 23223->23248 23225 2ed95 23227 2edbe 23225->23227 23328 2f1b5 IsProcessorFeaturePresent IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter ___scrt_fastfail 23225->23328 23235 2edfd ___scrt_is_nonwritable_in_current_image ___scrt_release_startup_lock 23227->23235 23259 3856d 23227->23259 23231 2eddd CallCatchBlock 23232 2ee5d 23267 2f2d0 23232->23267 23235->23232 23329 37533 38 API calls 4 library calls 23235->23329 23243 2ee89 23245 2ee92 23243->23245 23330 3791b 28 API calls _abort 23243->23330 23331 2e9f1 13 API calls 2 library calls 23245->23331 23249 2e883 23248->23249 23332 2f00b IsProcessorFeaturePresent 23249->23332 23251 2e88f 23333 322b6 23251->23333 23253 2e894 23254 2e898 23253->23254 23342 383c7 23253->23342 23254->23225 23257 2e8af 23257->23225 23260 38584 23259->23260 23261 2eefa TranslatorGuardHandler 5 API calls 23260->23261 23262 2edd7 23261->23262 23262->23231 23263 38511 23262->23263 23264 38540 23263->23264 23265 2eefa TranslatorGuardHandler 5 API calls 23264->23265 23266 38569 23265->23266 23266->23235 23400 2f5f0 23267->23400 23270 2ee63 23271 384be 23270->23271 23402 3b5a0 23271->23402 23273 2ee6c 23276 2d891 23273->23276 23275 384c7 23275->23273 23406 3b92b 38 API calls 23275->23406 23600 203aa 23276->23600 23280 2d8b0 23649 2a5c6 23280->23649 23282 2d8b9 23653 216cb GetCPInfo 23282->23653 23284 2d8c3 ___scrt_fastfail 23285 2d8d6 GetCommandLineW 23284->23285 23286 2d963 GetModuleFileNameW SetEnvironmentVariableW GetLocalTime 23285->23286 23287 2d8e5 23285->23287 23667 13f8f 23286->23667 23656 2bf14 23287->23656 23293 2d8f3 OpenFileMappingW 23296 2d953 CloseHandle 23293->23296 23297 2d90c MapViewOfFile 23293->23297 23294 2d95d 23661 2d544 
23294->23661 23296->23286 23300 2d94a UnmapViewOfFile 23297->23300 23301 2d91d __vsnwprintf_l 23297->23301 23300->23296 23305 2d544 2 API calls 23301->23305 23307 2d939 23305->23307 23306 28a75 8 API calls 23308 2da27 DialogBoxParamW 23306->23308 23307->23300 23309 2da61 23308->23309 23310 2da73 Sleep 23309->23310 23311 2da7a 23309->23311 23310->23311 23314 2da88 23311->23314 23700 2a7d4 CompareStringW SetCurrentDirectoryW ___scrt_fastfail 23311->23700 23313 2daa7 DeleteObject 23315 2dac3 23313->23315 23316 2dabc DeleteObject 23313->23316 23314->23313 23317 2db06 23315->23317 23318 2daf4 23315->23318 23316->23315 23697 2a62e 23317->23697 23701 2d5a3 6 API calls 23318->23701 23320 2dafa CloseHandle 23320->23317 23322 2db40 23323 3784f GetModuleHandleW 23322->23323 23324 2ee7f 23323->23324 23324->23243 23325 37978 23324->23325 23965 376f5 23325->23965 23328->23225 23329->23232 23330->23245 23331->23231 23332->23251 23334 322bb ___vcrt_initialize_pure_virtual_call_handler ___vcrt_initialize_winapi_thunks 23333->23334 23346 333be 23334->23346 23337 322c9 23337->23253 23339 322d1 23340 322dc 23339->23340 23360 333fa DeleteCriticalSection 23339->23360 23340->23253 23388 3baca 23342->23388 23345 322df 8 API calls 3 library calls 23345->23254 23347 333c7 23346->23347 23349 333f0 23347->23349 23350 322c5 23347->23350 23361 33652 23347->23361 23366 333fa DeleteCriticalSection 23349->23366 23350->23337 23352 323fc 23350->23352 23381 33567 23352->23381 23354 32406 23355 32411 23354->23355 23386 33615 6 API calls try_get_function 23354->23386 23355->23339 23357 3241f 23358 3242c 23357->23358 23387 3242f 6 API calls ___vcrt_FlsFree 23357->23387 23358->23339 23360->23337 23367 33446 23361->23367 23364 33689 InitializeCriticalSectionAndSpinCount 23365 33675 23364->23365 23365->23347 23366->23350 23368 3347a 23367->23368 23372 33476 23367->23372 23368->23364 23368->23365 23369 3349a 23369->23368 23371 334a6 GetProcAddress 23369->23371 23373 334b6 __crt_fast_encode_pointer 
23371->23373 23372->23368 23372->23369 23374 334e6 23372->23374 23373->23368 23375 33503 23374->23375 23376 3350e LoadLibraryExW 23374->23376 23375->23372 23377 3352a GetLastError 23376->23377 23378 33542 23376->23378 23377->23378 23379 33535 LoadLibraryExW 23377->23379 23378->23375 23380 33559 FreeLibrary 23378->23380 23379->23378 23380->23375 23382 33446 try_get_function 5 API calls 23381->23382 23383 33581 23382->23383 23384 33599 TlsAlloc 23383->23384 23385 3358a 23383->23385 23385->23354 23386->23357 23387->23355 23391 3bae3 23388->23391 23390 2e8a1 23390->23257 23390->23345 23392 2eefa 23391->23392 23393 2ef03 23392->23393 23394 2ef05 IsProcessorFeaturePresent 23392->23394 23393->23390 23396 2f507 23394->23396 23399 2f4cb SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 23396->23399 23398 2f5ea 23398->23390 23399->23398 23401 2f2e3 GetStartupInfoW 23400->23401 23401->23270 23403 3b5a9 23402->23403 23405 3b5b2 23402->23405 23407 3b497 23403->23407 23405->23275 23406->23275 23427 392b5 GetLastError 23407->23427 23409 3b4a4 23447 3b5be 23409->23447 23411 3b4ac 23456 3b22b 23411->23456 23414 3b4c3 23414->23405 23420 3b501 23480 38c7a 20 API calls _free 23420->23480 23422 3b54a 23426 3b506 23422->23426 23487 3b101 26 API calls 23422->23487 23423 3b51e 23423->23422 23424 387fe _free 20 API calls 23423->23424 23424->23422 23481 387fe 23426->23481 23428 392d1 23427->23428 23429 392cb 23427->23429 23433 39320 SetLastError 23428->23433 23489 388c9 23428->23489 23488 3a92b 11 API calls 2 library calls 23429->23488 23433->23409 23434 392eb 23436 387fe _free 20 API calls 23434->23436 23438 392f1 23436->23438 23437 39300 23437->23434 23439 39307 23437->23439 23440 3932c SetLastError 23438->23440 23497 3911b 20 API calls _free 23439->23497 23498 38886 38 API calls _abort 23440->23498 23443 39312 23445 387fe _free 20 API calls 23443->23445 23446 39319 23445->23446 23446->23433 23446->23440 23448 3b5ca CallCatchBlock 23447->23448 23449 
392b5 _abort 38 API calls 23448->23449 23454 3b5d4 23449->23454 23451 3b658 CallCatchBlock 23451->23411 23454->23451 23455 387fe _free 20 API calls 23454->23455 23501 38886 38 API calls _abort 23454->23501 23502 3a701 EnterCriticalSection 23454->23502 23503 3b64f LeaveCriticalSection _abort 23454->23503 23455->23454 23504 340a6 23456->23504 23459 3b25e 23461 3b275 23459->23461 23462 3b263 GetACP 23459->23462 23460 3b24c GetOEMCP 23460->23461 23461->23414 23463 38838 23461->23463 23462->23461 23464 38876 23463->23464 23468 38846 _free 23463->23468 23515 38c7a 20 API calls _free 23464->23515 23465 38861 RtlAllocateHeap 23467 38874 23465->23467 23465->23468 23467->23426 23470 3b660 23467->23470 23468->23464 23468->23465 23514 3749d 7 API calls 2 library calls 23468->23514 23471 3b22b 40 API calls 23470->23471 23472 3b67f 23471->23472 23475 3b6d0 IsValidCodePage 23472->23475 23477 3b686 23472->23477 23479 3b6f5 ___scrt_fastfail 23472->23479 23473 2eefa TranslatorGuardHandler 5 API calls 23474 3b4f9 23473->23474 23474->23420 23474->23423 23476 3b6e2 GetCPInfo 23475->23476 23475->23477 23476->23477 23476->23479 23477->23473 23516 3b303 GetCPInfo 23479->23516 23480->23426 23482 38832 _free 23481->23482 23483 38809 RtlFreeHeap 23481->23483 23482->23414 23483->23482 23484 3881e 23483->23484 23599 38c7a 20 API calls _free 23484->23599 23486 38824 GetLastError 23486->23482 23487->23426 23488->23428 23494 388d6 _free 23489->23494 23490 38916 23500 38c7a 20 API calls _free 23490->23500 23491 38901 RtlAllocateHeap 23492 38914 23491->23492 23491->23494 23492->23434 23496 3a981 11 API calls 2 library calls 23492->23496 23494->23490 23494->23491 23499 3749d 7 API calls 2 library calls 23494->23499 23496->23437 23497->23443 23499->23494 23500->23492 23502->23454 23503->23454 23505 340c3 23504->23505 23511 340b9 23504->23511 23506 392b5 _abort 38 API calls 23505->23506 23505->23511 23507 340e4 23506->23507 23512 3940a 38 API calls __fassign 23507->23512 23509 340fd 23513 39437 38 API 
calls __fassign 23509->23513 23511->23459 23511->23460 23512->23509 23513->23511 23514->23468 23515->23467 23520 3b33d 23516->23520 23525 3b3e7 23516->23525 23519 2eefa TranslatorGuardHandler 5 API calls 23522 3b493 23519->23522 23526 3c3f8 23520->23526 23522->23477 23524 3a585 __vsnwprintf_l 43 API calls 23524->23525 23525->23519 23527 340a6 __fassign 38 API calls 23526->23527 23528 3c418 MultiByteToWideChar 23527->23528 23531 3c456 23528->23531 23538 3c4ee 23528->23538 23530 2eefa TranslatorGuardHandler 5 API calls 23534 3b39e 23530->23534 23532 3c477 __vsnwprintf_l ___scrt_fastfail 23531->23532 23533 38838 __vsnwprintf_l 21 API calls 23531->23533 23535 3c4e8 23532->23535 23537 3c4bc MultiByteToWideChar 23532->23537 23533->23532 23540 3a585 23534->23540 23545 3a5d0 20 API calls _free 23535->23545 23537->23535 23539 3c4d8 GetStringTypeW 23537->23539 23538->23530 23539->23535 23541 340a6 __fassign 38 API calls 23540->23541 23542 3a598 23541->23542 23546 3a368 23542->23546 23545->23538 23548 3a383 __vsnwprintf_l 23546->23548 23547 3a3a9 MultiByteToWideChar 23549 3a3d3 23547->23549 23550 3a55d 23547->23550 23548->23547 23555 38838 __vsnwprintf_l 21 API calls 23549->23555 23557 3a3f4 __vsnwprintf_l 23549->23557 23551 2eefa TranslatorGuardHandler 5 API calls 23550->23551 23552 3a570 23551->23552 23552->23524 23553 3a4a9 23582 3a5d0 20 API calls _free 23553->23582 23554 3a43d MultiByteToWideChar 23554->23553 23556 3a456 23554->23556 23555->23557 23573 3aa3c 23556->23573 23557->23553 23557->23554 23561 3a480 23561->23553 23564 3aa3c __vsnwprintf_l 11 API calls 23561->23564 23562 3a4b8 23563 38838 __vsnwprintf_l 21 API calls 23562->23563 23566 3a4d9 __vsnwprintf_l 23562->23566 23563->23566 23564->23553 23565 3a54e 23581 3a5d0 20 API calls _free 23565->23581 23566->23565 23567 3aa3c __vsnwprintf_l 11 API calls 23566->23567 23569 3a52d 23567->23569 23569->23565 23570 3a53c WideCharToMultiByte 23569->23570 23570->23565 23571 3a57c 23570->23571 23583 3a5d0 20 API calls _free 
23571->23583 23584 3a768 23573->23584 23577 3aaac LCMapStringW 23578 3aa6c 23577->23578 23579 2eefa TranslatorGuardHandler 5 API calls 23578->23579 23580 3a46d 23579->23580 23580->23553 23580->23561 23580->23562 23581->23553 23582->23550 23583->23553 23585 3a794 23584->23585 23586 3a798 23584->23586 23585->23586 23587 3a7b8 23585->23587 23592 3a804 23585->23592 23586->23578 23591 3aac4 10 API calls 3 library calls 23586->23591 23587->23586 23589 3a7c4 GetProcAddress 23587->23589 23590 3a7d4 __crt_fast_encode_pointer 23589->23590 23590->23586 23591->23577 23593 3a825 LoadLibraryExW 23592->23593 23594 3a81a 23592->23594 23595 3a842 GetLastError 23593->23595 23597 3a85a 23593->23597 23594->23585 23595->23597 23598 3a84d LoadLibraryExW 23595->23598 23596 3a871 FreeLibrary 23596->23594 23597->23594 23597->23596 23598->23597 23599->23486 23702 2e630 23600->23702 23603 203cb GetProcAddress 23606 203e4 23603->23606 23607 203fc GetProcAddress 23603->23607 23604 2042f 23605 2075f GetModuleFileNameW 23604->23605 23714 373cd 42 API calls 2 library calls 23604->23714 23620 2077e 23605->23620 23606->23607 23607->23604 23608 2040e 23607->23608 23608->23604 23610 20699 23610->23605 23611 206a4 GetModuleFileNameW CreateFileW 23610->23611 23612 20753 CloseHandle 23611->23612 23613 206d7 SetFilePointer 23611->23613 23612->23605 23613->23612 23614 206e7 ReadFile 23613->23614 23614->23612 23617 20706 23614->23617 23617->23612 23619 20360 3 API calls 23617->23619 23618 207ad CompareStringW 23618->23620 23619->23617 23620->23618 23621 207e3 GetFileAttributesW 23620->23621 23622 207fb 23620->23622 23704 1aee5 23620->23704 23707 20360 23620->23707 23621->23620 23621->23622 23623 20805 23622->23623 23625 2083b 23622->23625 23626 2081d GetFileAttributesW 23623->23626 23627 20835 23623->23627 23624 2094a 23648 2a004 GetCurrentDirectoryW 23624->23648 23625->23624 23628 1aee5 GetVersionExW 23625->23628 23626->23623 23626->23627 23627->23625 23629 20855 23628->23629 23630 208c2 23629->23630 
23631 2085c 23629->23631 23632 13f8f _swprintf 51 API calls 23630->23632 23633 20360 3 API calls 23631->23633 23634 208ea AllocConsole 23632->23634 23635 20866 23633->23635 23636 20942 ExitProcess 23634->23636 23637 208f7 GetCurrentProcessId AttachConsole 23634->23637 23638 20360 3 API calls 23635->23638 23718 33883 23637->23718 23640 20870 23638->23640 23715 1e0ac 23640->23715 23641 20918 GetStdHandle WriteConsoleW Sleep FreeConsole 23641->23636 23644 13f8f _swprintf 51 API calls 23645 2089e 23644->23645 23646 1e0ac 53 API calls 23645->23646 23647 208ad 23646->23647 23647->23636 23648->23280 23650 20360 3 API calls 23649->23650 23651 2a5da OleInitialize 23650->23651 23652 2a5fd GdiplusStartup SHGetMalloc 23651->23652 23652->23282 23654 216ef IsDBCSLeadByte 23653->23654 23654->23654 23655 21707 23654->23655 23655->23284 23660 2bf1e 23656->23660 23657 2c034 23657->23293 23657->23294 23658 21ab5 CharUpperW 23658->23660 23660->23657 23660->23658 23755 1ef88 83 API calls ___scrt_fastfail 23660->23755 23662 2e630 23661->23662 23663 2d551 SetEnvironmentVariableW 23662->23663 23665 2d574 23663->23665 23664 2d59c 23664->23286 23665->23664 23666 2d590 SetEnvironmentVariableW 23665->23666 23666->23664 23756 13f62 23667->23756 23670 2b07d LoadBitmapW 23671 2b0a5 23670->23671 23672 2b09e 23670->23672 23674 2b0ba 23671->23674 23675 2b0ab GetObjectW 23671->23675 23790 2a07c FindResourceW 23672->23790 23785 29f7a 23674->23785 23675->23674 23678 2b110 23689 1d5dc 23678->23689 23679 2b0ec 23806 29fba GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23679->23806 23680 2a07c 13 API calls 23682 2b0dd 23680->23682 23682->23679 23684 2b0e3 DeleteObject 23682->23684 23683 2b0f4 23807 29f99 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23683->23807 23684->23679 23686 2b0fd 23808 2a1bd 8 API calls ___scrt_fastfail 23686->23808 23688 2b104 DeleteObject 23688->23678 23819 1d601 23689->23819 23691 1d5e8 23859 1dd29 GetModuleHandleW FindResourceW 23691->23859 23694 28a75 23956 2e512 23694->23956 
23698 2a65d GdiplusShutdown CoUninitialize 23697->23698 23698->23322 23700->23314 23701->23320 23703 203b4 GetModuleHandleW 23702->23703 23703->23603 23703->23604 23705 1aef9 GetVersionExW 23704->23705 23706 1af35 23704->23706 23705->23706 23706->23620 23708 2e630 23707->23708 23709 2036d GetSystemDirectoryW 23708->23709 23710 203a3 23709->23710 23711 20385 23709->23711 23710->23620 23720 1bb55 23711->23720 23713 20396 LoadLibraryW 23713->23710 23714->23610 23732 1e0da 23715->23732 23719 3388b 23718->23719 23719->23641 23719->23719 23721 1bb62 23720->23721 23724 1b9f6 23721->23724 23723 1bb80 23723->23713 23727 1ffe4 23724->23727 23728 1fff4 23727->23728 23729 1ba04 23727->23729 23731 21ab5 CharUpperW 23728->23731 23729->23723 23731->23729 23738 1d54a 23732->23738 23735 1e0d7 23735->23644 23736 1e0fd LoadStringW 23736->23735 23737 1e114 LoadStringW 23736->23737 23737->23735 23743 1d483 23738->23743 23740 1d567 23741 1d57c 23740->23741 23751 1d588 26 API calls 23740->23751 23741->23735 23741->23736 23744 1d49e 23743->23744 23750 1d497 _strncpy 23743->23750 23746 1d4c2 23744->23746 23752 218ae WideCharToMultiByte 23744->23752 23749 1d4f3 23746->23749 23753 1e046 50 API calls __vsnprintf 23746->23753 23754 35bc9 26 API calls 3 library calls 23749->23754 23750->23740 23751->23741 23752->23746 23753->23749 23754->23750 23755->23660 23757 13f79 __vsnwprintf_l 23756->23757 23760 35a44 23757->23760 23763 33b07 23760->23763 23764 33b47 23763->23764 23765 33b2f 23763->23765 23764->23765 23766 33b4f 23764->23766 23780 38c7a 20 API calls _free 23765->23780 23768 340a6 __fassign 38 API calls 23766->23768 23770 33b5f 23768->23770 23769 33b34 23781 38b59 26 API calls pre_c_initialization 23769->23781 23782 34071 20 API calls 2 library calls 23770->23782 23773 2eefa TranslatorGuardHandler 5 API calls 23774 13f83 SetEnvironmentVariableW GetModuleHandleW LoadIconW 23773->23774 23774->23670 23775 33bd7 23783 34456 51 API calls 3 library calls 23775->23783 23778 33be2 23784 34129 20 
API calls _free 23778->23784 23779 33b3f 23779->23773 23780->23769 23781->23779 23782->23775 23783->23778 23784->23779 23809 29f99 GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23785->23809 23787 29f81 23789 29f8d 23787->23789 23810 29fba GetDC GetDeviceCaps GetDeviceCaps ReleaseDC 23787->23810 23789->23678 23789->23679 23789->23680 23791 2a09e SizeofResource 23790->23791 23792 2a0d0 23790->23792 23791->23792 23793 2a0b2 LoadResource 23791->23793 23792->23671 23793->23792 23794 2a0c3 LockResource 23793->23794 23794->23792 23795 2a0d7 GlobalAlloc 23794->23795 23795->23792 23796 2a0f2 GlobalLock 23795->23796 23797 2a181 GlobalFree 23796->23797 23798 2a101 __vsnwprintf_l 23796->23798 23797->23792 23799 2a109 CreateStreamOnHGlobal 23798->23799 23800 2a121 23799->23800 23801 2a17a GlobalUnlock 23799->23801 23811 29fdb GdipAlloc 23800->23811 23801->23797 23804 2a165 23804->23801 23805 2a14f GdipCreateHBITMAPFromBitmap 23805->23804 23806->23683 23807->23686 23808->23688 23809->23787 23810->23789 23812 29ffa 23811->23812 23813 29fed 23811->23813 23812->23801 23812->23804 23812->23805 23815 29d6f 23813->23815 23816 29d90 GdipCreateBitmapFromStreamICM 23815->23816 23817 29d97 GdipCreateBitmapFromStream 23815->23817 23818 29d9c 23816->23818 23817->23818 23818->23812 23820 1d60b __EH_prolog 23819->23820 23821 1d63a GetModuleFileNameW 23820->23821 23822 1d66b 23820->23822 23823 1d654 23821->23823 23861 19b50 23822->23861 23823->23822 23826 1d6c7 23872 35d80 26 API calls 3 library calls 23826->23872 23829 1dcec 78 API calls 23831 1d69b 23829->23831 23830 1d6da 23873 35d80 26 API calls 3 library calls 23830->23873 23831->23826 23831->23829 23843 1d8e7 23831->23843 23833 1d823 23833->23843 23898 19ed0 79 API calls 23833->23898 23837 1d83d ___std_exception_copy 23838 19d90 82 API calls 23837->23838 23837->23843 23841 1d866 ___std_exception_copy 23838->23841 23840 1d6ec 23840->23833 23840->23843 23874 19fe0 23840->23874 23889 19d90 23840->23889 23897 19ed0 79 API calls 23840->23897 
23841->23843 23856 1d872 ___std_exception_copy 23841->23856 23899 21692 MultiByteToWideChar 23841->23899 23882 197f0 23843->23882 23844 1d9eb 23900 1d13a 78 API calls 23844->23900 23846 1dcca 23905 1d13a 78 API calls 23846->23905 23848 1da31 23901 35d80 26 API calls 3 library calls 23848->23901 23849 1dcba 23849->23691 23851 1da02 23851->23848 23853 1dcec 78 API calls 23851->23853 23852 1da4b 23902 35d80 26 API calls 3 library calls 23852->23902 23853->23851 23855 218ae WideCharToMultiByte 23855->23856 23856->23843 23856->23844 23856->23846 23856->23849 23856->23855 23903 1e046 50 API calls __vsnprintf 23856->23903 23904 35bc9 26 API calls 3 library calls 23856->23904 23860 1d5ef 23859->23860 23860->23694 23862 19b5a 23861->23862 23863 19bd9 CreateFileW 23862->23863 23864 19bf9 GetLastError 23863->23864 23865 19c4a 23863->23865 23906 1b85c 23864->23906 23867 19c81 23865->23867 23869 19c67 SetFileTime 23865->23869 23867->23831 23868 19c19 23868->23865 23870 19c1d CreateFileW GetLastError 23868->23870 23869->23867 23871 19c41 23870->23871 23871->23865 23872->23830 23873->23840 23875 1a004 SetFilePointer 23874->23875 23878 19ff3 23874->23878 23876 1a022 GetLastError 23875->23876 23877 1a03d 23875->23877 23876->23877 23879 1a02c 23876->23879 23877->23840 23878->23877 23917 16f92 77 API calls 23878->23917 23879->23877 23918 16f92 77 API calls 23879->23918 23883 19814 23882->23883 23884 19825 23882->23884 23883->23884 23885 19820 23883->23885 23886 19827 23883->23886 23884->23691 23919 199b7 23885->23919 23924 19870 23886->23924 23890 19d9c 23889->23890 23892 19da3 23889->23892 23890->23840 23892->23890 23893 19e3e 23892->23893 23895 19e60 23892->23895 23939 199ee 23892->23939 23893->23890 23951 16f51 77 API calls 23893->23951 23895->23890 23896 199ee 5 API calls 23895->23896 23896->23895 23897->23840 23898->23837 23899->23856 23900->23851 23901->23852 23902->23843 23903->23856 23904->23856 23905->23849 23907 1b869 23906->23907 23908 1b9f6 CharUpperW 23907->23908 23915 
1b873 23907->23915 23909 1b882 23908->23909 23916 1ba22 CharUpperW 23909->23916 23911 1b891 23912 1b895 23911->23912 23913 1b90c GetCurrentDirectoryW 23911->23913 23914 1b9f6 CharUpperW 23912->23914 23913->23915 23914->23915 23915->23868 23916->23911 23917->23875 23918->23877 23920 199c0 23919->23920 23921 199c4 23919->23921 23920->23884 23921->23920 23930 1a320 23921->23930 23925 1989a 23924->23925 23926 1987c 23924->23926 23927 198b9 23925->23927 23938 16e07 76 API calls 23925->23938 23926->23925 23928 19888 CloseHandle 23926->23928 23927->23884 23928->23925 23931 2e630 23930->23931 23932 1a32d DeleteFileW 23931->23932 23933 1a340 23932->23933 23934 199ec 23932->23934 23935 1b85c 2 API calls 23933->23935 23934->23884 23936 1a354 23935->23936 23936->23934 23937 1a358 DeleteFileW 23936->23937 23937->23934 23938->23927 23940 19a07 ReadFile 23939->23940 23941 199fc GetStdHandle 23939->23941 23942 19a20 23940->23942 23943 19a40 23940->23943 23941->23940 23952 19b29 23942->23952 23943->23892 23945 19a27 23946 19a35 23945->23946 23947 19a57 23945->23947 23948 19a48 GetLastError 23945->23948 23950 199ee GetFileType 23946->23950 23947->23943 23949 19a67 GetLastError 23947->23949 23948->23943 23948->23947 23949->23943 23949->23946 23950->23943 23951->23890 23953 19b32 GetFileType 23952->23953 23954 19b2f 23952->23954 23955 19b40 23953->23955 23954->23945 23955->23945 23958 2e517 ___std_exception_copy 23956->23958 23957 28a94 23957->23306 23958->23957 23962 3749d 7 API calls 2 library calls 23958->23962 23963 2ef7e RaiseException __CxxThrowException@8 new 23958->23963 23964 2ef61 RaiseException Concurrency::cancel_current_task __CxxThrowException@8 23958->23964 23962->23958 23966 37701 _abort 23965->23966 23968 3784f _abort GetModuleHandleW 23966->23968 23973 37719 23966->23973 23969 3770d 23968->23969 23969->23973 23999 37893 GetModuleHandleExW 23969->23999 23970 377bf 23988 377ff 23970->23988 23987 3a701 EnterCriticalSection 23973->23987 23974 37721 23974->23970 23976 
                                                                                                          APIs
                                                                                                            • Part of subcall function 000203AA: GetModuleHandleW.KERNEL32(kernel32), ref: 000203BF
                                                                                                            • Part of subcall function 000203AA: GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 000203D1
                                                                                                            • Part of subcall function 000203AA: GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00020402
                                                                                                            • Part of subcall function 0002A004: GetCurrentDirectoryW.KERNEL32(?,?), ref: 0002A00C
                                                                                                            • Part of subcall function 0002A5C6: OleInitialize.OLE32(00000000), ref: 0002A5DF
                                                                                                            • Part of subcall function 0002A5C6: GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0002A616
                                                                                                            • Part of subcall function 0002A5C6: SHGetMalloc.SHELL32(00058430), ref: 0002A620
                                                                                                            • Part of subcall function 000216CB: GetCPInfo.KERNEL32(00000000,?), ref: 000216DC
                                                                                                            • Part of subcall function 000216CB: IsDBCSLeadByte.KERNEL32(00000000), ref: 000216F0
                                                                                                          • GetCommandLineW.KERNEL32 ref: 0002D8D9
                                                                                                          • OpenFileMappingW.KERNEL32(000F001F,00000000,winrarsfxmappingfile.tmp), ref: 0002D900
                                                                                                          • MapViewOfFile.KERNEL32(00000000,000F001F,00000000,00000000,00007104), ref: 0002D911
                                                                                                          • UnmapViewOfFile.KERNEL32(00000000), ref: 0002D94B
                                                                                                            • Part of subcall function 0002D544: SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0002D55A
                                                                                                            • Part of subcall function 0002D544: SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0002D596
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0002D954
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,0006DC90,00000800), ref: 0002D96F
                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxname,0006DC90), ref: 0002D97B
                                                                                                          • GetLocalTime.KERNEL32(?), ref: 0002D986
                                                                                                          • _swprintf.LIBCMT ref: 0002D9C5
                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxstime,?), ref: 0002D9D7
                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 0002D9DE
                                                                                                          • LoadIconW.USER32(00000000,00000064), ref: 0002D9F5
                                                                                                          • DialogBoxParamW.USER32(00000000,STARTDLG,00000000,Function_0001B170,00000000), ref: 0002DA46
                                                                                                          • Sleep.KERNEL32(?), ref: 0002DA74
                                                                                                          • DeleteObject.GDI32 ref: 0002DAAD
                                                                                                          • DeleteObject.GDI32(?), ref: 0002DABD
                                                                                                          • CloseHandle.KERNEL32 ref: 0002DB00
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnvironmentFileHandleVariable$Module$AddressCloseDeleteObjectProcView$ByteCommandCurrentDialogDirectoryGdiplusIconInfoInitializeLeadLineLoadLocalMallocMappingNameOpenParamSleepStartupTimeUnmap_swprintf
                                                                                                          • String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$C:\Users\user\Desktop$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
                                                                                                          • API String ID: 788466649-2656992072
                                                                                                          • Opcode ID: b62f522c1396d6cb0a2ed59933666d8191a65f38f5c1478308c7ff2b5a390f34
                                                                                                          • Instruction ID: 9b04ab7e8042802a07fd2c30529d799e05d59e9cba6af99db603e0c1a72cbecf
                                                                                                          • Opcode Fuzzy Hash: b62f522c1396d6cb0a2ed59933666d8191a65f38f5c1478308c7ff2b5a390f34
                                                                                                          • Instruction Fuzzy Hash: 1D61D3B5904360AFE321AB74FC49F6B77ECAB45705F04042AF945A61A2DFBC8D44CB62

                                                                                                          APIs
                                                                                                          • FindResourceW.KERNEL32(0002B0DD,PNG,?,?,?,0002B0DD,00000066), ref: 0002A08E
                                                                                                          • SizeofResource.KERNEL32(00000000,00000000,?,?,?,0002B0DD,00000066), ref: 0002A0A6
                                                                                                          • LoadResource.KERNEL32(00000000,?,?,?,0002B0DD,00000066), ref: 0002A0B9
                                                                                                          • LockResource.KERNEL32(00000000,?,?,?,0002B0DD,00000066), ref: 0002A0C4
                                                                                                          • GlobalAlloc.KERNELBASE(00000002,00000000,?,?,?,?,?,0002B0DD,00000066), ref: 0002A0E2
                                                                                                          • GlobalLock.KERNEL32(00000000), ref: 0002A0F3
                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000000,?), ref: 0002A117
                                                                                                          • GdipCreateHBITMAPFromBitmap.GDIPLUS(?,?,00FFFFFF), ref: 0002A15C
                                                                                                          • GlobalUnlock.KERNEL32(00000000), ref: 0002A17B
                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 0002A182
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$Resource$CreateLock$AllocBitmapFindFreeFromGdipLoadSizeofStreamUnlock
                                                                                                          • String ID: PNG
                                                                                                          • API String ID: 3656887471-364855578
                                                                                                          • Opcode ID: c3ca661d882f2d1337e59b840a19896f031f20fd578155262eefbe5bd1ad94e8
                                                                                                          • Instruction ID: e033feec4f54d788574243153e6f4e36b14a0ad108fcca8fa1e5245f1de8832e
                                                                                                          • Opcode Fuzzy Hash: c3ca661d882f2d1337e59b840a19896f031f20fd578155262eefbe5bd1ad94e8
                                                                                                          • Instruction Fuzzy Hash: DB31C4B5200726AFE7119F21ED49E2BBBACFF86761F100528F905D2260EF35DC10CA65

                                                                                                          APIs
                                                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,0001A6E2,000000FF,?,?), ref: 0001A81B
                                                                                                          • FindFirstFileW.KERNELBASE(?,?,?,?,00000800,?,?,?,?,0001A6E2,000000FF,?,?), ref: 0001A851
                                                                                                          • GetLastError.KERNEL32(?,?,00000800,?,?,?,?,0001A6E2,000000FF,?,?), ref: 0001A85D
                                                                                                          • FindNextFileW.KERNEL32(?,?,?,?,?,?,0001A6E2,000000FF,?,?), ref: 0001A885
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,0001A6E2,000000FF,?,?), ref: 0001A891
                                                                                                          Similarity
                                                                                                          • API ID: FileFind$ErrorFirstLast$Next
                                                                                                          • String ID:
                                                                                                          • API String ID: 869497890-0
                                                                                                          • Opcode ID: 4234bf41d09034959c421dc704661fb9f001979369d43dcb45238e705838b1a1
                                                                                                          • Instruction ID: 9217c108ff2107750152df7fb74bcfed0b787c00512ffe0aea25d4a9459f3fac
                                                                                                          • Opcode Fuzzy Hash: 4234bf41d09034959c421dc704661fb9f001979369d43dcb45238e705838b1a1
                                                                                                          • Instruction Fuzzy Hash: 7841A676605281AFC364EF74C884ADAF7E8BF49340F000A2AF599D3201D774A995CB92
                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(?,?,000377E4,?,0004BAD8,0000000C,0003793B,?,00000002,00000000), ref: 0003782F
                                                                                                          • TerminateProcess.KERNEL32(00000000,?,000377E4,?,0004BAD8,0000000C,0003793B,?,00000002,00000000), ref: 00037836
                                                                                                          • ExitProcess.KERNEL32 ref: 00037848
                                                                                                          Similarity
                                                                                                          • API ID: Process$CurrentExitTerminate
                                                                                                          • String ID:
                                                                                                          • API String ID: 1703294689-0
                                                                                                          • Opcode ID: 2a1b54f889933ed4c66d1df9a060da32a355aef2b5f49b69b3ea85bbf72c4b02
                                                                                                          • Instruction ID: be3714bf3ccb795d57d343f2b8794c22f514d20d9de5d23e91a0cbffee815741
                                                                                                          • Opcode Fuzzy Hash: 2a1b54f889933ed4c66d1df9a060da32a355aef2b5f49b69b3ea85bbf72c4b02
                                                                                                          • Instruction Fuzzy Hash: A5E04FB9140104ABDF126F54DE0CA887FAEEF06741F004020F9084A133CB39DE42CA84
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog_memcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 3004599000-0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 0002B175
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: H_prologItemTextWindow
                                                                                                          • String ID: "%s"%s$-el -s2 "-d%s" "-sp%s"$<$@$C:\Users\user\Desktop$LICENSEDLG$STARTDLG$__tmp_rar_sfx_access_check_%u$winrarsfxmappingfile.tmp
                                                                                                          • API String ID: 810644672-3472986185

                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(kernel32), ref: 000203BF
                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDllDirectoryW), ref: 000203D1
                                                                                                          • GetProcAddress.KERNEL32(00000000,SetDefaultDllDirectories), ref: 00020402
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 000206AF
                                                                                                          • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000206CB
                                                                                                          • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 000206DD
                                                                                                          • ReadFile.KERNEL32(00000000,?,00007FFE,00043BA4,00000000), ref: 000206FC
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00020754
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800), ref: 0002076A
                                                                                                          • CompareStringW.KERNEL32(00000400,00001001,?,?,DXGIDebug.dll,?,?,00000000,?,00000800), ref: 000207C2
                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,00000000,?,00000800), ref: 000207EB
                                                                                                          • GetFileAttributesW.KERNEL32(?,?,?,00000800), ref: 00020825
                                                                                                            • Part of subcall function 00020360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0002037B
                                                                                                            • Part of subcall function 00020360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0001EE61,Crypt32.dll,00000000,0001EEE5,?,?,0001EEC7,?,?,?), ref: 0002039D
                                                                                                          • _swprintf.LIBCMT ref: 00020899
                                                                                                          • _swprintf.LIBCMT ref: 000208E5
                                                                                                            • Part of subcall function 00013F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00013FA2
                                                                                                          • AllocConsole.KERNEL32 ref: 000208ED
                                                                                                          • GetCurrentProcessId.KERNEL32 ref: 000208F7
                                                                                                          • AttachConsole.KERNEL32(00000000), ref: 000208FE
                                                                                                          • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000), ref: 00020924
                                                                                                          • WriteConsoleW.KERNEL32(00000000), ref: 0002092B
                                                                                                          • Sleep.KERNEL32(00002710), ref: 00020936
                                                                                                          • FreeConsole.KERNEL32 ref: 0002093C
                                                                                                          • ExitProcess.KERNEL32 ref: 00020944
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$Console$HandleModule$AddressAttributesNameProcProcess_swprintf$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadPointerReadSleepStringSystemWrite__vswprintf_c_l
                                                                                                          • String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$SetDefaultDllDirectories$SetDllDirectoryW$dwmapi.dll$kernel32$uxtheme.dll
                                                                                                          • API String ID: 1201351596-3298887752

                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 0001D606
                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000800,?,?,?,0001D5E8,?), ref: 0001D642
                                                                                                          • __fprintf_l.LIBCMT ref: 0001DB33
                                                                                                            • Part of subcall function 00021692: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0001B842,00000000,?,?,?,0001047C), ref: 000216AE
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharFileH_prologModuleMultiNameWide__fprintf_l
                                                                                                          • String ID: $ ,$$%s:$*messages***$*messages***$@%s:$R$RTL$a
                                                                                                          • API String ID: 1867786338-980926923

                                                                                                          APIs
                                                                                                            • Part of subcall function 0002AF04: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0002AF15
                                                                                                            • Part of subcall function 0002AF04: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0002AF26
                                                                                                            • Part of subcall function 0002AF04: IsDialogMessageW.USER32(0001047C,?), ref: 0002AF3A
                                                                                                            • Part of subcall function 0002AF04: TranslateMessage.USER32(?), ref: 0002AF48
                                                                                                            • Part of subcall function 0002AF04: DispatchMessageW.USER32(?), ref: 0002AF52
                                                                                                          • GetDlgItem.USER32(00000068,0006ECB0), ref: 0002CE32
                                                                                                          • ShowWindow.USER32(00000000,00000005,?,?,?,0002A8C2,00000001,?,?,0002B15B,00044F88,0006ECB0,0006ECB0,00001000,00000000,00000000), ref: 0002CE5A
                                                                                                          • SendMessageW.USER32(00000000,000000B1,00000000,000000FF), ref: 0002CE65
                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,000435B4), ref: 0002CE73
                                                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0002CE89
                                                                                                          • SendMessageW.USER32(00000000,0000043A,00000000,?), ref: 0002CEA3
                                                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0002CEE7
                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,?), ref: 0002CEF5
                                                                                                          • SendMessageW.USER32(00000000,000000B1,05F5E100,05F5E100), ref: 0002CF04
                                                                                                          • SendMessageW.USER32(00000000,00000444,00000001,0000005C), ref: 0002CF2B
                                                                                                          • SendMessageW.USER32(00000000,000000C2,00000000,0004431C), ref: 0002CF3A
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
                                                                                                          • String ID: \
                                                                                                          • API String ID: 3569833718-2967466578
                                                                                                          • Opcode ID: 6677bd826da328c55c83e8adf17351ff11cd6227dd6244a3be2141dd05bdc0b1
                                                                                                          • Instruction ID: 599fd3a281ee58bf4e36d4c90d08d4df2ade56e2b0a1c30569fc75a1539118cd
                                                                                                          • Opcode Fuzzy Hash: 6677bd826da328c55c83e8adf17351ff11cd6227dd6244a3be2141dd05bdc0b1
                                                                                                          • Instruction Fuzzy Hash: 0231F471145740BFF3119F20EC49FAF7FACFBA2705F400518FA41A61A1CB6C59448BA6

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 0002D211
                                                                                                          • ShowWindow.USER32(?,00000000), ref: 0002D250
                                                                                                          • GetExitCodeProcess.KERNEL32(?,?), ref: 0002D28C
                                                                                                          • CloseHandle.KERNELBASE(?), ref: 0002D2B2
                                                                                                          • ShowWindow.USER32(?,00000001), ref: 0002D341
                                                                                                            • Part of subcall function 00021AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0001B250,?,?,?,0001B1FE,?,-00000002,?,00000000,?), ref: 00021ADA
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ShowWindow$CloseCodeCompareExecuteExitHandleProcessShellString
                                                                                                          • String ID: $.exe$.inf
                                                                                                          • API String ID: 3686203788-2452507128
                                                                                                          • Opcode ID: 267c7cee14330b5a2752b581b88dfe34306e26a1d17323165375bec3841ef004
                                                                                                          • Instruction ID: b39f56268d4ca021a9837597e90a0d3b5aa61beb092674e3613af20b2e60ecf5
                                                                                                          • Opcode Fuzzy Hash: 267c7cee14330b5a2752b581b88dfe34306e26a1d17323165375bec3841ef004
                                                                                                          • Instruction Fuzzy Hash: 9B61A2705043E0ABE771DF14E904AABBBF9AF91304F04481BE5C497152D7B9CD89CB92

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,0003526B,0003526B,?,?,?,0003A5B9,00000001,00000001,8FE85006), ref: 0003A3C2
                                                                                                          • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,0003A5B9,00000001,00000001,8FE85006,?,?,?), ref: 0003A448
                                                                                                          • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8FE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 0003A542
                                                                                                          • __freea.LIBCMT ref: 0003A54F
                                                                                                            • Part of subcall function 00038838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00033CF6,?,0000015D,?,?,?,?,000351D2,000000FF,00000000,?,?), ref: 0003886A
                                                                                                          • __freea.LIBCMT ref: 0003A558
                                                                                                          • __freea.LIBCMT ref: 0003A57D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1414292761-0
                                                                                                          • Opcode ID: 8e004413f7a64ad8040a8504fdd549291550d80482e59053dfb303d0920ffd04
                                                                                                          • Instruction ID: 406354df4dda31c7c64fcff37a8f85a9db18520007e04e57bfa2f6f01f4c6ba0
                                                                                                          • Opcode Fuzzy Hash: 8e004413f7a64ad8040a8504fdd549291550d80482e59053dfb303d0920ffd04
                                                                                                          • Instruction Fuzzy Hash: A051DD72B00616AFEF268F64CC45EAF7BADEB46750F154628FC45D6181EB34DC80C662

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • GetClassNameW.USER32(?,?,00000050), ref: 0002A56F
                                                                                                          • SHAutoComplete.SHLWAPI(?,00000010), ref: 0002A5A6
                                                                                                            • Part of subcall function 00021AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0001B250,?,?,?,0001B1FE,?,-00000002,?,00000000,?), ref: 00021ADA
                                                                                                          • FindWindowExW.USER32(?,00000000,EDIT,00000000), ref: 0002A596
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AutoClassCompareCompleteFindNameStringWindow
                                                                                                          • String ID: @Ut$EDIT
                                                                                                          • API String ID: 4243998846-2065656831
                                                                                                          • Opcode ID: c4f31249c3ce517d180879aa817d4eee3e06035a94b361c71fd7e4b50fbd300c
                                                                                                          • Instruction ID: f67fa1818bc6a54b36915d1023b57b0bfad9755debb754f0ce19c9859d1d16b9
                                                                                                          • Opcode Fuzzy Hash: c4f31249c3ce517d180879aa817d4eee3e06035a94b361c71fd7e4b50fbd300c
                                                                                                          • Instruction Fuzzy Hash: EDF08932B4173867E7305665AC05FDB76AC9B46B10F050155BD08B6181D7689A41C5F6

                                                                                                          Control-flow Graph

                                                                                                          APIs
                                                                                                            • Part of subcall function 00020360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0002037B
                                                                                                            • Part of subcall function 00020360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0001EE61,Crypt32.dll,00000000,0001EEE5,?,?,0001EEC7,?,?,?), ref: 0002039D
                                                                                                          • OleInitialize.OLE32(00000000), ref: 0002A5DF
                                                                                                          • GdiplusStartup.GDIPLUS(?,?,00000000), ref: 0002A616
                                                                                                          • SHGetMalloc.SHELL32(00058430), ref: 0002A620
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryGdiplusInitializeLibraryLoadMallocStartupSystem
                                                                                                          • String ID: riched20.dll$3so
                                                                                                          • API String ID: 3498096277-1543193245
                                                                                                          • Opcode ID: 392bb22d5331bbed1ba3cfab83bdf7939647ed8304fe59bbf85de3384d4800dd
                                                                                                          • Instruction ID: 2316e96915dce6673d153459ac2d2004ddcaa76f168582e3a0156f00e37803cc
                                                                                                          • Opcode Fuzzy Hash: 392bb22d5331bbed1ba3cfab83bdf7939647ed8304fe59bbf85de3384d4800dd
                                                                                                          • Instruction Fuzzy Hash: 3DF0FFB1D0021DABDB10AF99D8499EFFBFCEF54715F00415AE914E2201DBB856458BA1

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          APIs
                                                                                                          • CreateFileW.KERNELBASE(?,?,?,00000000,00000003,?,00000000,?,00000000,?,?,0001797C,?,00000005,?,00000011), ref: 00019BEC
                                                                                                          • GetLastError.KERNEL32(?,?,0001797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00019BF9
                                                                                                          • CreateFileW.KERNEL32(?,?,?,00000000,00000003,?,00000000,?,?,00000800,?,?,0001797C,?,00000005,?), ref: 00019C2E
                                                                                                          • GetLastError.KERNEL32(?,?,0001797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00019C36
                                                                                                          • SetFileTime.KERNEL32(00000000,00000000,000000FF,00000000,?,0001797C,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 00019C7B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$CreateErrorLast$Time
                                                                                                          • String ID:
                                                                                                          • API String ID: 1999340476-0

                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(?,?,?,00038C7F,0003891B,?,000392E3,00000001,00000364,?,00033B5F,?,?,00050F50), ref: 0003933E
                                                                                                          • _free.LIBCMT ref: 00039373
                                                                                                          • _free.LIBCMT ref: 0003939A
                                                                                                          • SetLastError.KERNEL32(00000000,?,00050F50), ref: 000393A7
                                                                                                          • SetLastError.KERNEL32(00000000,?,00050F50), ref: 000393B0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$_free
                                                                                                          • String ID:
                                                                                                          • API String ID: 3170660625-0

                                                                                                          APIs
                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0002AF15
                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0002AF26
                                                                                                          • IsDialogMessageW.USER32(0001047C,?), ref: 0002AF3A
                                                                                                          • TranslateMessage.USER32(?), ref: 0002AF48
                                                                                                          • DispatchMessageW.USER32(?), ref: 0002AF52
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Message$DialogDispatchPeekTranslate
                                                                                                          • String ID:
                                                                                                          • API String ID: 1266772231-0

                                                                                                          APIs
                                                                                                          • SetEnvironmentVariableW.KERNELBASE(sfxcmd,?), ref: 0002D55A
                                                                                                          • SetEnvironmentVariableW.KERNEL32(sfxpar,-00000002,00000000,?,?,?,00001000), ref: 0002D596
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: EnvironmentVariable
                                                                                                          • String ID: sfxcmd$sfxpar
                                                                                                          • API String ID: 1431749950-3493335439

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNELBASE(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,?,00000000,?,0001823A,?,?,?), ref: 0001A544
                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,?,?,00000800,?,?,00000000,?,0001823A,?), ref: 0001A588
                                                                                                          • SetFileTime.KERNELBASE(?,00000800,?,00000000,?,?,00000000,?,0001823A,?,?,?,?,?,?,?), ref: 0001A609
                                                                                                          • CloseHandle.KERNEL32(?,?,?,00000000,?,0001823A,?,?,?,?,?,?,?,?,?,?), ref: 0001A610
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: File$Create$CloseHandleTime
                                                                                                          • String ID:
                                                                                                          • API String ID: 2287278272-0
                                                                                                          APIs
                                                                                                          • GetStdHandle.KERNEL32(000000F6), ref: 000199FE
                                                                                                          • ReadFile.KERNELBASE(?,?,00000001,?,00000000), ref: 00019A16
                                                                                                          • GetLastError.KERNEL32 ref: 00019A48
                                                                                                          • GetLastError.KERNEL32 ref: 00019A67
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$FileHandleRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 2244327787-0
                                                                                                          APIs
                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00033B5F,00000000,00000000,?,0003A7AB,00033B5F,00000000,00000000,00000000,?,0003A9A8,00000006,FlsSetValue), ref: 0003A836
                                                                                                          • GetLastError.KERNEL32(?,0003A7AB,00033B5F,00000000,00000000,00000000,?,0003A9A8,00000006,FlsSetValue,00047348,00047350,00000000,00000364,?,00039387), ref: 0003A842
                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,0003A7AB,00033B5F,00000000,00000000,00000000,?,0003A9A8,00000006,FlsSetValue,00047348,00047350,00000000), ref: 0003A850
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad$ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 3177248105-0
                                                                                                          APIs
                                                                                                          • CreateThread.KERNELBASE(00000000,00010000,Function_00010CA0,?,00000000,00000000), ref: 00020B88
                                                                                                          • SetThreadPriority.KERNEL32(?,00000000), ref: 00020BCF
                                                                                                            • Part of subcall function 00016E68: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00016E86
                                                                                                          Similarity
                                                                                                          • API ID: Thread$CreatePriority__vswprintf_c_l
                                                                                                          • String ID: CreateThread failed
                                                                                                          • API String ID: 2655393344-3849766595
                                                                                                          APIs
                                                                                                          • GetStdHandle.KERNEL32(000000F5,?,00000001,?,?,0001CE98,00000001,?,?,?,00000000,0002510E,?,?,?), ref: 0001A0EC
                                                                                                          • WriteFile.KERNEL32(?,?,?,00000000,00000000,?,?,00000000,0002510E,?,?,?,?,?,00024BB3,?), ref: 0001A12E
                                                                                                          • WriteFile.KERNELBASE(?,?,?,00000000,00000000,?,?,?,00000001,?,?,0001CE98,00000001,?,?), ref: 0001A158
                                                                                                          Similarity
                                                                                                          • API ID: FileWrite$Handle
                                                                                                          • String ID:
                                                                                                          • API String ID: 4209713984-0
                                                                                                          APIs
                                                                                                          • CreateDirectoryW.KERNELBASE(?,00000000,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A421
                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000800,?,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A454
                                                                                                          • GetLastError.KERNEL32(?,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A471
                                                                                                          Similarity
                                                                                                          • API ID: CreateDirectory$ErrorLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 2485089472-0
                                                                                                          APIs
                                                                                                          • GetCPInfo.KERNEL32(5EFC4D8B,?,00000005,?,00000000), ref: 0003B328
                                                                                                          Similarity
                                                                                                          • API ID: Info
                                                                                                          • String ID:
                                                                                                          • API String ID: 1807457897-3916222277
                                                                                                          APIs
                                                                                                          • LCMapStringW.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,8FE85006,00000001,?,000000FF), ref: 0003AAAD
                                                                                                          Similarity
                                                                                                          • API ID: String
                                                                                                          • String ID: LCMapStringEx
                                                                                                          • API String ID: 2568140703-3893581201
                                                                                                          APIs
                                                                                                          • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,0003A03F), ref: 0003AA25
                                                                                                          Strings
                                                                                                          • InitializeCriticalSectionEx, xrefs: 0003A9F5
                                                                                                          Similarity
                                                                                                          • API ID: CountCriticalInitializeSectionSpin
                                                                                                          • String ID: InitializeCriticalSectionEx
                                                                                                          • API String ID: 2593887523-3084827643
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: Alloc
                                                                                                          • String ID: FlsAlloc
                                                                                                          • API String ID: 2773662609-671089009
                                                                                                          APIs
                                                                                                          • try_get_function.LIBVCRUNTIME ref: 0003357C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: try_get_function
                                                                                                          • String ID: FlsAlloc
                                                                                                          • API String ID: 2742660187-671089009
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002E4D3
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID: 3so
                                                                                                          • API String ID: 1269201914-3563916355
                                                                                                          APIs
                                                                                                            • Part of subcall function 0003B22B: GetOEMCP.KERNEL32(00000000,?,?,0003B4B4,?), ref: 0003B256
                                                                                                          • IsValidCodePage.KERNEL32(-00000030,00000000,?,?,?,?,0003B4F9,?,00000000), ref: 0003B6D4
                                                                                                          • GetCPInfo.KERNEL32(00000000,0003B4F9,?,?,?,0003B4F9,?,00000000), ref: 0003B6E7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CodeInfoPageValid
                                                                                                          • String ID:
                                                                                                          • API String ID: 546120528-0
                                                                                                          APIs
                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00023000
                                                                                                          • __CxxThrowException@8.LIBVCRUNTIME ref: 00023018
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Exception@8Throw
                                                                                                          • String ID:
                                                                                                          • API String ID: 2005118841-0
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 000113A7
                                                                                                            • Part of subcall function 00015FD7: __EH_prolog.LIBCMT ref: 00015FDC
                                                                                                            • Part of subcall function 0001CA2B: __EH_prolog.LIBCMT ref: 0001CA30
                                                                                                            • Part of subcall function 0001CA2B: new.LIBCMT ref: 0001CA73
                                                                                                            • Part of subcall function 0001CA2B: new.LIBCMT ref: 0001CA97
                                                                                                          • new.LIBCMT ref: 00011420
                                                                                                            • Part of subcall function 0001B26D: __EH_prolog.LIBCMT ref: 0001B272
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 000113A7
                                                                                                            • Part of subcall function 00015FD7: __EH_prolog.LIBCMT ref: 00015FDC
                                                                                                            • Part of subcall function 0001CA2B: __EH_prolog.LIBCMT ref: 0001CA30
                                                                                                            • Part of subcall function 0001CA2B: new.LIBCMT ref: 0001CA73
                                                                                                            • Part of subcall function 0001CA2B: new.LIBCMT ref: 0001CA97
                                                                                                          • new.LIBCMT ref: 00011420
                                                                                                            • Part of subcall function 0001B26D: __EH_prolog.LIBCMT ref: 0001B272
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                            • Part of subcall function 000392B5: GetLastError.KERNEL32(?,00050F50,000340E4,00050F50,?,?,00033B5F,?,?,00050F50), ref: 000392B9
                                                                                                            • Part of subcall function 000392B5: _free.LIBCMT ref: 000392EC
                                                                                                            • Part of subcall function 000392B5: SetLastError.KERNEL32(00000000,?,00050F50), ref: 0003932D
                                                                                                            • Part of subcall function 000392B5: _abort.LIBCMT ref: 00039333
                                                                                                            • Part of subcall function 0003B5BE: _abort.LIBCMT ref: 0003B5F0
                                                                                                            • Part of subcall function 0003B5BE: _free.LIBCMT ref: 0003B624
                                                                                                            • Part of subcall function 0003B22B: GetOEMCP.KERNEL32(00000000,?,?,0003B4B4,?), ref: 0003B256
                                                                                                          • _free.LIBCMT ref: 0003B50F
                                                                                                          • _free.LIBCMT ref: 0003B545
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorLast_abort
                                                                                                          • String ID:
                                                                                                          • API String ID: 2991157371-0
                                                                                                          APIs
                                                                                                          • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,00000000,?,?,?,0001A07C,?,?,00017936), ref: 00019946
                                                                                                          • CreateFileW.KERNELBASE(?,00000000,00000001,00000000,00000002,00000000,00000000,?,?,00000800,?,?,0001A07C,?,?,00017936), ref: 0001997B
                                                                                                          Similarity
                                                                                                          • API ID: CreateFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 823142352-0
                                                                                                          APIs
                                                                                                          • FlushFileBuffers.KERNEL32(?,?,?,?,?,?,000175F1,?,?,?,?), ref: 00019F1C
                                                                                                          • SetFileTime.KERNELBASE(?,?,?,?), ref: 00019FCC
                                                                                                          Similarity
                                                                                                          • API ID: File$BuffersFlushTime
                                                                                                          • String ID:
                                                                                                          • API String ID: 1392018926-0
                                                                                                          APIs
                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0003A7C8
                                                                                                          • __crt_fast_encode_pointer.LIBVCRUNTIME ref: 0003A7D5
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc__crt_fast_encode_pointer
                                                                                                          • String ID:
                                                                                                          • API String ID: 2279764990-0
                                                                                                          APIs
                                                                                                          • SetFilePointer.KERNELBASE(?,?,?,?,-00001964,?,00000800,-00001964,00019CD5,?,?,00000000,?,?,00018F2A,?), ref: 00019D60
                                                                                                          • GetLastError.KERNEL32 ref: 00019D6D
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                          • String ID:
                                                                                                          • API String ID: 2976181284-0
                                                                                                          APIs
                                                                                                          • SetFilePointer.KERNELBASE(?,00000000,00000000,00000001), ref: 0001A016
                                                                                                          • GetLastError.KERNEL32 ref: 0001A022
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFileLastPointer
                                                                                                          • String ID:
                                                                                                          • API String ID: 2976181284-0
                                                                                                          APIs
                                                                                                          • _free.LIBCMT ref: 00038947
                                                                                                            • Part of subcall function 00038838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00033CF6,?,0000015D,?,?,?,?,000351D2,000000FF,00000000,?,?), ref: 0003886A
                                                                                                          • RtlReAllocateHeap.NTDLL(00000000,?,?,?,?,00050F50,0001D11F,?,?,?,?,?,?), ref: 00038983
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap$_free
                                                                                                          • String ID:
                                                                                                          • API String ID: 1482568997-0
                                                                                                          APIs
                                                                                                          • GetCurrentProcess.KERNEL32(?,?), ref: 00020BF0
                                                                                                          • GetProcessAffinityMask.KERNEL32(00000000), ref: 00020BF7
                                                                                                          Similarity
                                                                                                          • API ID: Process$AffinityCurrentMask
                                                                                                          • String ID:
                                                                                                          • API String ID: 1231390398-0
                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0001A46D,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A64B
                                                                                                          • SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0001A46D,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A67C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0
                                                                                                          • Opcode ID: 632f00285cece8550216b0dfbc587a2928dcf1d6c348d63e8bb1f2de971b1b40
                                                                                                          • Instruction ID: bea40542b2f8ad61caa0b5a0487b95a563b16b4f1deb685abd760f0a309c786d
                                                                                                          • Opcode Fuzzy Hash: 632f00285cece8550216b0dfbc587a2928dcf1d6c348d63e8bb1f2de971b1b40
                                                                                                          • Instruction Fuzzy Hash: 1AF0A0312512597BEF119F60DC00BE937ACAB05781F088151BC8886161DB368EE8AE54
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: ItemText_swprintf
                                                                                                          • String ID:
                                                                                                          • API String ID: 3011073432-0
                                                                                                          • Opcode ID: 57f553d505c7bdbd0b2fd5f2823fac0714484e55290a81b1b5fad5f04c71223c
                                                                                                          • Instruction ID: ad2283a69aed692dbf72499cf96703954c9b419f91773199e3bdbe4dbfc509f8
                                                                                                          • Opcode Fuzzy Hash: 57f553d505c7bdbd0b2fd5f2823fac0714484e55290a81b1b5fad5f04c71223c
                                                                                                          • Instruction Fuzzy Hash: D8F0EC7190435C6BE711BBA0EC06FEF3B5CA704746F0404A5BB01670A3DD7969604761
                                                                                                          APIs
                                                                                                          • DeleteFileW.KERNELBASE(?,?,?,000199EC,?,?,00019825,?,?,?,?,00041F81,000000FF), ref: 0001A331
                                                                                                          • DeleteFileW.KERNEL32(?,?,?,00000800,?,?,000199EC,?,?,00019825,?,?,?,?,00041F81,000000FF), ref: 0001A35F
                                                                                                          Similarity
                                                                                                          • API ID: DeleteFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 4033686569-0
                                                                                                          • Opcode ID: e68a5e8e14c3bb85b08a70a39f3f3cf5799b261272a631aaad9eb40e4ad15ce9
                                                                                                          • Instruction ID: 83df7184d0d0d00cdeaa8f44eb7b0baddc2c7c12e58ddc3e4de7f4060e3dc307
                                                                                                          • Opcode Fuzzy Hash: e68a5e8e14c3bb85b08a70a39f3f3cf5799b261272a631aaad9eb40e4ad15ce9
                                                                                                          • Instruction Fuzzy Hash: AEE02235A812187BEB109F60DC04FEA33ACBB09782F4800A1BC88C2051DB218ED8AA54
                                                                                                          APIs
                                                                                                          • GdiplusShutdown.GDIPLUS(?,?,?,?,00041F81,000000FF), ref: 0002A662
                                                                                                          • CoUninitialize.COMBASE(?,?,?,?,00041F81,000000FF), ref: 0002A667
                                                                                                          Similarity
                                                                                                          • API ID: GdiplusShutdownUninitialize
                                                                                                          • String ID:
                                                                                                          • API String ID: 3856339756-0
                                                                                                          • Opcode ID: 8b064cdb413878361d25444023bc0e5fc1b58807d8b9f5de191546f6016d1066
                                                                                                          • Instruction ID: 2221f500fb5a3502f3e8d3c61b9a53d771af40c6c8db71b10df19a05af5b0e64
                                                                                                          • Opcode Fuzzy Hash: 8b064cdb413878361d25444023bc0e5fc1b58807d8b9f5de191546f6016d1066
                                                                                                          • Instruction Fuzzy Hash: 12F06572558654DFC710DB4CDD05B55FBA8FB49B20F00436AF41993760CB786801CB94
                                                                                                          APIs
                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,0001A37C,?,00017776,?,?,?,?), ref: 0001A398
                                                                                                          • GetFileAttributesW.KERNELBASE(?,?,?,00000800,?,0001A37C,?,00017776,?,?,?,?), ref: 0001A3C4
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0
                                                                                                          • Opcode ID: 81b8c2aa5dfd1a6d0620136db663838c3e9a000a35c27cbc01002da82019b867
                                                                                                          • Instruction ID: e61bd8f6a667452c9d2c140b5d0075d9cb22ef46b2fbc5d94dee0a1db59c620a
                                                                                                          • Opcode Fuzzy Hash: 81b8c2aa5dfd1a6d0620136db663838c3e9a000a35c27cbc01002da82019b867
                                                                                                          • Instruction Fuzzy Hash: 2AE09B355001286BDB50EB64DC04BE9779C9B097E1F0042A2FD54E3195D7709E848ED5
                                                                                                          APIs
                                                                                                          • GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0002037B
                                                                                                          • LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0001EE61,Crypt32.dll,00000000,0001EEE5,?,?,0001EEC7,?,?,?), ref: 0002039D
                                                                                                          Similarity
                                                                                                          • API ID: DirectoryLibraryLoadSystem
                                                                                                          • String ID:
                                                                                                          • API String ID: 1175261203-0
                                                                                                          • Opcode ID: 7de36e1ed2a306c0f3fba0b502f7c4a8a982380e5637178bb4ac64075281c2ee
                                                                                                          • Instruction ID: bbc2e122240b01311d98a77bff4a401af8743f68f61338a5077fea740266d4e0
                                                                                                          • Opcode Fuzzy Hash: 7de36e1ed2a306c0f3fba0b502f7c4a8a982380e5637178bb4ac64075281c2ee
                                                                                                          • Instruction Fuzzy Hash: C9E0127691126C6BDB11AA94EC48FD677ACEF19382F0400A5B948D2105DB749A848BA4
                                                                                                          APIs
                                                                                                          • GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00029D90
                                                                                                          • GdipCreateBitmapFromStream.GDIPLUS(?,?), ref: 00029D97
                                                                                                          Similarity
                                                                                                          • API ID: BitmapCreateFromGdipStream
                                                                                                          • String ID:
                                                                                                          • API String ID: 1918208029-0
                                                                                                          • Opcode ID: 5b581c621ce7631a60f54e9d2184e2903b8e88c2ae1da27871016360cf13428c
                                                                                                          • Instruction ID: 6423ea6fce440c52c8361e30e99b0b9d61b6514b6d8cb4fc0ca8a6a85a6a0e9c
                                                                                                          • Opcode Fuzzy Hash: 5b581c621ce7631a60f54e9d2184e2903b8e88c2ae1da27871016360cf13428c
                                                                                                          • Instruction Fuzzy Hash: 37E01275905268EFDB60EF98D501BDDB7F8EB08711F10845BE84993701D7B06E04EB91
                                                                                                          APIs
                                                                                                            • Part of subcall function 00033567: try_get_function.LIBVCRUNTIME ref: 0003357C
                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0003241A
                                                                                                          • ___vcrt_uninitialize_ptd.LIBVCRUNTIME ref: 00032425
                                                                                                          Similarity
                                                                                                          • API ID: Value___vcrt____vcrt_uninitialize_ptdtry_get_function
                                                                                                          • String ID:
                                                                                                          • API String ID: 806969131-0
                                                                                                          • Opcode ID: adb50edd760c188d66b62ca0b8036a9e740be9cf324dbbc08bd43fd295209997
                                                                                                          • Instruction ID: c87f36bbe33b3e51a7e92fb1b34a2d211673cd681f293e0d802510ec1686dcde
                                                                                                          • Opcode Fuzzy Hash: adb50edd760c188d66b62ca0b8036a9e740be9cf324dbbc08bd43fd295209997
                                                                                                          • Instruction Fuzzy Hash: EED02234904740A82C5B37797C038CC23CC2B52BB8FB14A96F720CF1C3FE1880816025
                                                                                                          APIs
                                                                                                          • DloadLock.DELAYIMP ref: 0002DF3A
                                                                                                          • DloadProtectSection.DELAYIMP ref: 0002DF56
                                                                                                            • Part of subcall function 0002E12F: DloadObtainSection.DELAYIMP ref: 0002E13F
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Dload$Section$LockObtainProtect
                                                                                                          • String ID:
                                                                                                          • API String ID: 731663317-0
                                                                                                          • Opcode ID: 97be39c2cf98ed424aad8e4ffc306976eb8d8a799b10d212b74e0aef62aefe15
                                                                                                          • Instruction ID: 59c9a4f95f6403300afb64ab4f0cb2b26ebfeadbb472d6ce91205b7c76407477
                                                                                                          • Opcode Fuzzy Hash: 97be39c2cf98ed424aad8e4ffc306976eb8d8a799b10d212b74e0aef62aefe15
                                                                                                          • Instruction Fuzzy Hash: EFD0C9749442748AE292A724FE4679822A0B705344FA00722BA1AE61A2CBBC4890C649
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ItemShowWindow
                                                                                                          • String ID:
                                                                                                          • API String ID: 3351165006-0
                                                                                                          • Opcode ID: 5f92c946e1f046913ebdd581b418e7892d0d014ac5afb267cde280bd50422064
                                                                                                          • Instruction ID: 90cfbb2347ba57b25ed803bd191fbd368d2c3411ba3aac0cc040625ecd95b0bf
                                                                                                          • Opcode Fuzzy Hash: 5f92c946e1f046913ebdd581b418e7892d0d014ac5afb267cde280bd50422064
                                                                                                          • Instruction Fuzzy Hash: DAC01232858200BEDB010BB0DC09C2FBBA8ABA5212F00C918B2A9D0060CA3CC050DB11
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          • Opcode ID: 3bf998307937cc68227f8c69832a12e93a89a966d0ac6f7e690c170d66679f0f
                                                                                                          • Instruction ID: e377a246e93ee630c1c427dccd43faf4dc4234c083dc6e17f7b5718f771e1fbc
                                                                                                          • Opcode Fuzzy Hash: 3bf998307937cc68227f8c69832a12e93a89a966d0ac6f7e690c170d66679f0f
                                                                                                          • Instruction Fuzzy Hash: 88C1C774A042549FEF59CF68C494BED7BE5EF0A300F0840B9ED469F286CB759984CBA1
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          • Opcode ID: 2c11522dcea083afb42c2d4c2dd92eadf4fb03b32420afcf103d5b454f794a24
                                                                                                          • Instruction ID: af24a816e228eab809c2638639c04729622ecd59a1e6fbef538d5d11f1672e17
                                                                                                          • Opcode Fuzzy Hash: 2c11522dcea083afb42c2d4c2dd92eadf4fb03b32420afcf103d5b454f794a24
                                                                                                          • Instruction Fuzzy Hash: E471C471504F849EDB25DB70DC81AEBF7E8AF15301F44496EE6AB47142EB326A88CF11
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 00018512
                                                                                                            • Part of subcall function 000113A2: __EH_prolog.LIBCMT ref: 000113A7
                                                                                                            • Part of subcall function 000113A2: new.LIBCMT ref: 00011420
                                                                                                            • Part of subcall function 000119C6: __EH_prolog.LIBCMT ref: 000119CB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          • Opcode ID: 0945b0d329f23568a1aa9ee008155ac8ad1b3a74e02943544c9c6d856013675a
                                                                                                          • Instruction ID: ad64d97b1081761f4b38d09a17c91eb8d6e7cc92bef9fd9f42db69f2715e64e5
                                                                                                          • Opcode Fuzzy Hash: 0945b0d329f23568a1aa9ee008155ac8ad1b3a74e02943544c9c6d856013675a
                                                                                                          • Instruction Fuzzy Hash: 37419F719406A49ADB24EB60CC55BEAB3B8AF10304F4440EAE58EA3093DF756BC8DF50
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          • Opcode ID: 7bee4ddaf22b741a6a7ad21ce853eabc457d18a7d383b053f9d4eb413917b5a6
                                                                                                          • Instruction ID: c13e7a33eba119e5e7a6b2c23db5ee44ce15f3b0ea65b13a4f1f18004d4f1485
                                                                                                          • Opcode Fuzzy Hash: 7bee4ddaf22b741a6a7ad21ce853eabc457d18a7d383b053f9d4eb413917b5a6
                                                                                                          • Instruction Fuzzy Hash: 6121F8B1E402316FDB149F75EC416ABB6A8FF15754F04023AE905EB682D7749E10C6A8
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 00011E25
                                                                                                            • Part of subcall function 00013AC2: __EH_prolog.LIBCMT ref: 00013AC7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          • Opcode ID: 0a9d52dc23975345105fd46873601441d45fe0644ccbee0be9747d78e283dec8
                                                                                                          • Instruction ID: d78e5a29b0c8275631b1c525927c62321d600a0912ad93ff38b58e291c12c248
                                                                                                          • Opcode Fuzzy Hash: 0a9d52dc23975345105fd46873601441d45fe0644ccbee0be9747d78e283dec8
                                                                                                          • Instruction Fuzzy Hash: E4215A71A042189FCF19DF98D9519EEFBF6BF58300F10006DE949A7252DB325E50CBA0
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 0002AA58
                                                                                                            • Part of subcall function 000113A2: __EH_prolog.LIBCMT ref: 000113A7
                                                                                                            • Part of subcall function 000113A2: new.LIBCMT ref: 00011420
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,000392E3,00000001,00000364,?,00033B5F,?,?,00050F50), ref: 0003890A
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          APIs
                                                                                                          • RtlAllocateHeap.NTDLL(00000000,?,?,?,00033CF6,?,0000015D,?,?,?,?,000351D2,000000FF,00000000,?,?), ref: 0003886A
                                                                                                          Similarity
                                                                                                          • API ID: AllocateHeap
                                                                                                          • String ID:
                                                                                                          • API String ID: 1279760036-0
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 00015B5C
                                                                                                            • Part of subcall function 0001B26D: __EH_prolog.LIBCMT ref: 0001B272
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog
                                                                                                          • String ID:
                                                                                                          • API String ID: 3519838083-0
                                                                                                          APIs
                                                                                                          • FindClose.KERNELBASE(00000000,000000FF,?,?), ref: 0001A6E8
                                                                                                          Similarity
                                                                                                          • API ID: CloseFind
                                                                                                          • String ID:
                                                                                                          • API String ID: 1863332320-0
                                                                                                          APIs
                                                                                                          • SetThreadExecutionState.KERNEL32(00000001), ref: 0002098C
                                                                                                          Similarity
                                                                                                          • API ID: ExecutionStateThread
                                                                                                          • String ID:
                                                                                                          • API String ID: 2211380416-0
                                                                                                          APIs
                                                                                                          • GdipAlloc.GDIPLUS(00000010), ref: 00029FE1
                                                                                                            • Part of subcall function 00029D6F: GdipCreateBitmapFromStreamICM.GDIPLUS(?,?), ref: 00029D90
                                                                                                          Similarity
                                                                                                          • API ID: Gdip$AllocBitmapCreateFromStream
                                                                                                          • String ID:
                                                                                                          • API String ID: 1915507550-0
                                                                                                          APIs
                                                                                                          • GetFileType.KERNELBASE(000000FF,00019A27), ref: 00019B35
                                                                                                          Similarity
                                                                                                          • API ID: FileType
                                                                                                          • String ID:
                                                                                                          • API String ID: 3081899298-0
                                                                                                          • Opcode ID: d21a3378762cd65062cc35ad50ad7cb0b4d717850d78858471dc86bd7a7d4863
                                                                                                          • Instruction ID: 05266ab0cb8b5f470d2e13e2826f98af3675042e07e49466e3ebdd7423963f4c
                                                                                                          • Opcode Fuzzy Hash: d21a3378762cd65062cc35ad50ad7cb0b4d717850d78858471dc86bd7a7d4863
                                                                                                          • Instruction Fuzzy Hash: 91D01270015140958FA18A346F990D5A6929B43366B38CBA4D026C50A2C722C983F501
                                                                                                          APIs
                                                                                                          • SendDlgItemMessageW.USER32(0000006A,00000402,00000000,?,?), ref: 0002D6FC
                                                                                                            • Part of subcall function 0002AF04: PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0002AF15
                                                                                                            • Part of subcall function 0002AF04: GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0002AF26
                                                                                                            • Part of subcall function 0002AF04: IsDialogMessageW.USER32(0001047C,?), ref: 0002AF3A
                                                                                                            • Part of subcall function 0002AF04: TranslateMessage.USER32(?), ref: 0002AF48
                                                                                                            • Part of subcall function 0002AF04: DispatchMessageW.USER32(?), ref: 0002AF52
                                                                                                          Similarity
                                                                                                          • API ID: Message$DialogDispatchItemPeekSendTranslate
                                                                                                          • String ID:
                                                                                                          • API String ID: 897784432-0
                                                                                                          • Opcode ID: eb7bf2407bc04b6ce44c8c8e081523c502414739800931fcf187f9d46054efed
                                                                                                          • Instruction ID: bb3f651caebf565997f8bc0b7d70c32cdbf1f63a68df6a421479b71310a425e7
                                                                                                          • Opcode Fuzzy Hash: eb7bf2407bc04b6ce44c8c8e081523c502414739800931fcf187f9d46054efed
                                                                                                          • Instruction Fuzzy Hash: E7D09E71144301ABE7012B51DE06F5A7AA2BB88B05F404554B644740B28A6AAD60DF26
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 506cf7e6e03773dd7fb19d6e798a9c0c8f182efe0ab112ba127145d98b39dab1
                                                                                                          • Instruction ID: 308ddbc553dbd98fc5bca7373a30ecb7749fcfaf3d9b961dcbda860f4981db01
                                                                                                          • Opcode Fuzzy Hash: 506cf7e6e03773dd7fb19d6e798a9c0c8f182efe0ab112ba127145d98b39dab1
                                                                                                          • Instruction Fuzzy Hash: D6B012C9AD8161FC32042144FC4AC3F021CC7D0B11370C42BBB01D40C1E9445C098035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 43acfc938fe8ea8dfea3d5384b4c6cef3d2e729c8294eed8127c965fb6f231b9
                                                                                                          • Instruction ID: c44c1d7f54fb32e39ec047e2968fdea395e28ba9e2214acec6805afd8777766d
                                                                                                          • Opcode Fuzzy Hash: 43acfc938fe8ea8dfea3d5384b4c6cef3d2e729c8294eed8127c965fb6f231b9
                                                                                                          • Instruction Fuzzy Hash: 4AB012C9A98261EC32186148FD42C3F011CC7C0B10370843BB605C50C1E9445C064035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 605a696473a1252850652f49fc8c856bc043d888f1cab8fbc3f4ac39076b0c9f
                                                                                                          • Instruction ID: 9b513fc551764d45db6bf89e0e7fbdf3161c9af1f1a412e84d5e533ffbb60b7a
                                                                                                          • Opcode Fuzzy Hash: 605a696473a1252850652f49fc8c856bc043d888f1cab8fbc3f4ac39076b0c9f
                                                                                                          • Instruction Fuzzy Hash: 90B012C9A98161EC32046148FC42C3F021CE7C0B10370842BB605C50C1E9445C054135
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: d0550142ec703cca1d5b1447ea7c208e1b037663e431a82d580d032d57610fda
                                                                                                          • Instruction ID: 76835d4a472d0b1840fc186045c0adc616fd527b230615cfdd67af8def053f36
                                                                                                          • Opcode Fuzzy Hash: d0550142ec703cca1d5b1447ea7c208e1b037663e431a82d580d032d57610fda
                                                                                                          • Instruction Fuzzy Hash: EFB012C5A98061EC32046149FC02C3A011CC7C0B10370C46BBA05C51C1E5445C0A8035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 66ee2694762527f4e7845143b30cfc5ac14b262a816871b86ee457466b9f8bbd
                                                                                                          • Instruction ID: 423936fc92eb3c7fd92d654ce71362b93046ec85d16a5f2c930abccb8855b250
                                                                                                          • Opcode Fuzzy Hash: 66ee2694762527f4e7845143b30cfc5ac14b262a816871b86ee457466b9f8bbd
                                                                                                          • Instruction Fuzzy Hash: 14B012C5A981A1EC32446149FC02C3A011CC7C0B10371C56BB605C51C1E5445C8A4035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: bbdde65482dddd6c35c80a3ae512b095f5ed6e08a1b55c8b0a14f49a10627897
                                                                                                          • Instruction ID: 88788249ba812a8b0d1c8e896fab62b54ac9dc993beebe8600c24438649f5177
                                                                                                          • Opcode Fuzzy Hash: bbdde65482dddd6c35c80a3ae512b095f5ed6e08a1b55c8b0a14f49a10627897
                                                                                                          • Instruction Fuzzy Hash: 20B012C5A98061EC32046189FC02C3A021CD7C4B10370C86BB605C51C1F5445C0A4035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: cc239c6101dc74f3aed47c151aa4ca6722549614c7daea18c6a9c77333357afe
                                                                                                          • Instruction ID: a74819bbaca9a39df5be7970dcc8fe70a501a02339c0a08411aee896a61073ca
                                                                                                          • Opcode Fuzzy Hash: cc239c6101dc74f3aed47c151aa4ca6722549614c7daea18c6a9c77333357afe
                                                                                                          • Instruction Fuzzy Hash: 2DB012D5A980A1EC32047148FC02C3A011CC7C0B10370C42BBA09C50C1E5445C058035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: f2252746c441e62afd872ab7808f4580b0192d297e61760d78728a0fca01d412
                                                                                                          • Instruction ID: a9cf71f753e2f9aaa02148b7d4bd8794e116d86bcf7a5dbb8a0fdb1580114131
                                                                                                          • Opcode Fuzzy Hash: f2252746c441e62afd872ab7808f4580b0192d297e61760d78728a0fca01d412
                                                                                                          • Instruction Fuzzy Hash: 66B012D5A981A1EC32447148FC02C3A011CC7C0B10371852BB609C50C1E5445C454035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: a00fba9b9e3015a8c95b214f626964c7854aa3ba1770e55805fa6d59c912610a
                                                                                                          • Instruction ID: a9f7b4e48d51960f24e49e155c721e8b97771971e9ffc81e6ae8d8aad2ac34e0
                                                                                                          • Opcode Fuzzy Hash: a00fba9b9e3015a8c95b214f626964c7854aa3ba1770e55805fa6d59c912610a
                                                                                                          • Instruction Fuzzy Hash: CDB012D5A980A1EC32087148FD02C3A011CC7C0B10370843BB609C50C1E5445D064035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 2bf7cfe9ca2e41ffa404254c05849d1e331a0863313a579d22d10c53420064ba
                                                                                                          • Instruction ID: e90b49f552dddfcc1e580177089f90ceb2b49725e3ce2f9e97eb6490d12feaf3
                                                                                                          • Opcode Fuzzy Hash: 2bf7cfe9ca2e41ffa404254c05849d1e331a0863313a579d22d10c53420064ba
                                                                                                          • Instruction Fuzzy Hash: 32B012D5A980A1EC32087149FC02C3A021CD7C0B10370842BB609C50C1E5445C054035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 6a04b1277034a294028b77ec74af1bec3c350c9f158309ee5bfe97f33826a0e7
                                                                                                          • Instruction ID: 52d0f60e951c6f92a7cd8e3577d9ef62204e0c72d93adbf84c926e9bcdd2e646
                                                                                                          • Opcode Fuzzy Hash: 6a04b1277034a294028b77ec74af1bec3c350c9f158309ee5bfe97f33826a0e7
                                                                                                          • Instruction Fuzzy Hash: F5B012C5A99061EC3204A148FC02C3A011DC7C0B10370C42BBA05C50C2E5445C058035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 284604f18c609c64adc33298075f446cdb1104f967643af2432052db0d26cd10
                                                                                                          • Instruction ID: 0349d06da096eee31be2e38c986e6d5e32e5e0382acc113d662a6d52e88b738c
                                                                                                          • Opcode Fuzzy Hash: 284604f18c609c64adc33298075f446cdb1104f967643af2432052db0d26cd10
                                                                                                          • Instruction Fuzzy Hash: 29B012C5A9A061EC3208A148FD02C3A011DC7C0B10370843BB605C50C2E5445C064035
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DEFD
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DEFD
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DEFD
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DB60
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 9ded52bca199abeb5dbc1475f7a06a4e564d8a9a5259be9701d70dc9d6a83286
                                                                                                          • Instruction ID: 2ad476d104a7b4001af00a8a8e1c6aa0abd754f1d3f5656d4362ea087804137c
                                                                                                          • Opcode Fuzzy Hash: 9ded52bca199abeb5dbc1475f7a06a4e564d8a9a5259be9701d70dc9d6a83286
                                                                                                          • Instruction Fuzzy Hash: 2BA012C5598062FC31042140BC02C3A011CC6C0B10330481AB502840C1A5401C054030
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: e1a044038d4ac2e86079f54952647c95b7b239e515f6181ef5790123277b21e3
                                                                                                          • Instruction ID: c0a99d31fc390c2c1111a1ac5329c10cd2adba34e7a58d5f3ce24dfcbbb5e343
                                                                                                          • Opcode Fuzzy Hash: e1a044038d4ac2e86079f54952647c95b7b239e515f6181ef5790123277b21e3
                                                                                                          • Instruction Fuzzy Hash: E5A002D55959617C35146195BD56C7E511CC6C0B11330555BB50198045A5445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: e39bd76e6cc47c5815c8de32d6d88a2c1a09ed39e4a639882e07226fe92cbcbd
                                                                                                          • Instruction ID: ec581f6fc25dd6c99bb469aa5ce1506b3736e9aa34200e727de1ada88a61aa96
                                                                                                          • Opcode Fuzzy Hash: e39bd76e6cc47c5815c8de32d6d88a2c1a09ed39e4a639882e07226fe92cbcbd
                                                                                                          • Instruction Fuzzy Hash: 14A002D5599962BC31146155BD46C7E511CC6C4B51330595BB5029804565445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 88494d67e7e5fb4c46b9c7350071c1d56642ba810428b8d7385dd4191d4e117e
                                                                                                          • Instruction ID: ec581f6fc25dd6c99bb469aa5ce1506b3736e9aa34200e727de1ada88a61aa96
                                                                                                          • Opcode Fuzzy Hash: 88494d67e7e5fb4c46b9c7350071c1d56642ba810428b8d7385dd4191d4e117e
                                                                                                          • Instruction Fuzzy Hash: 14A002D5599962BC31146155BD46C7E511CC6C4B51330595BB5029804565445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: 1ae9832b31d55e0f43b45514f02d0c734d819903cb5a17773d91b6402f658946
                                                                                                          • Instruction ID: ec581f6fc25dd6c99bb469aa5ce1506b3736e9aa34200e727de1ada88a61aa96
                                                                                                          • Opcode Fuzzy Hash: 1ae9832b31d55e0f43b45514f02d0c734d819903cb5a17773d91b6402f658946
                                                                                                          • Instruction Fuzzy Hash: 14A002D5599962BC31146155BD46C7E511CC6C4B51330595BB5029804565445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: c10409d31bd8b96b2fd829531b3a0ac1a0dc595e0a6fad84a26ca43f6285a646
                                                                                                          • Instruction ID: ec581f6fc25dd6c99bb469aa5ce1506b3736e9aa34200e727de1ada88a61aa96
                                                                                                          • Opcode Fuzzy Hash: c10409d31bd8b96b2fd829531b3a0ac1a0dc595e0a6fad84a26ca43f6285a646
                                                                                                          • Instruction Fuzzy Hash: 14A002D5599962BC31146155BD46C7E511CC6C4B51330595BB5029804565445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DD79
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          • Opcode ID: ad5317140652b954b99cc0847395a3d1225eef441c29d2e6acf787cf562f3122
                                                                                                          • Instruction ID: ec581f6fc25dd6c99bb469aa5ce1506b3736e9aa34200e727de1ada88a61aa96
                                                                                                          • Opcode Fuzzy Hash: ad5317140652b954b99cc0847395a3d1225eef441c29d2e6acf787cf562f3122
                                                                                                          • Instruction Fuzzy Hash: 14A002D5599962BC31146155BD46C7E511CC6C4B51330595BB5029804565445C451435
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DE9C
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DEFD
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • ___delayLoadHelper2@8.DELAYIMP ref: 0002DEFD
                                                                                                            • Part of subcall function 0002E221: DloadReleaseSectionWriteAccess.DELAYIMP ref: 0002E29E
                                                                                                            • Part of subcall function 0002E221: RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0002E2AF
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: AccessDloadExceptionHelper2@8LoadRaiseReleaseSectionWrite___delay
                                                                                                          • String ID:
                                                                                                          • API String ID: 1269201914-0
                                                                                                          APIs
                                                                                                          • SetEndOfFile.KERNELBASE(?,00019295,?,?,-00001964), ref: 0001A062
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: File
                                                                                                          • String ID:
                                                                                                          • API String ID: 749574446-0
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNELBASE(000000FF,?,?,0001982C,?,?,?,?,00041F81,000000FF), ref: 0001988B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000171,00000000,00000000), ref: 0002BC01
                                                                                                          • EndDialog.USER32(?,00000006), ref: 0002BC14
                                                                                                          • GetDlgItem.USER32(?,0000006C), ref: 0002BC30
                                                                                                          • SetFocus.USER32(00000000), ref: 0002BC37
                                                                                                          • SetDlgItemTextW.USER32(?,00000065,?), ref: 0002BC71
                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000170,?,00000000), ref: 0002BCA8
                                                                                                          • FindFirstFileW.KERNEL32(?,?), ref: 0002BCBE
                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0002BCDC
                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0002BCEC
                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0002BD08
                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0002BD24
                                                                                                          • _swprintf.LIBCMT ref: 0002BD54
                                                                                                            • Part of subcall function 00013F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00013FA2
                                                                                                          • SetDlgItemTextW.USER32(?,0000006A,?), ref: 0002BD67
                                                                                                          • FindClose.KERNEL32(00000000), ref: 0002BD6E
                                                                                                          • _swprintf.LIBCMT ref: 0002BDC7
                                                                                                          • SetDlgItemTextW.USER32(?,00000068,?), ref: 0002BDDA
                                                                                                          • SendDlgItemMessageW.USER32(?,00000067,00000170,?,00000000), ref: 0002BDF7
                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,?,?), ref: 0002BE17
                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 0002BE27
                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000002,?,00000000,?,00000032), ref: 0002BE41
                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000000,?,00000000,?,00000032), ref: 0002BE59
                                                                                                          • _swprintf.LIBCMT ref: 0002BE85
                                                                                                          • SetDlgItemTextW.USER32(?,0000006B,?), ref: 0002BE98
                                                                                                          • _swprintf.LIBCMT ref: 0002BEEC
                                                                                                          • SetDlgItemTextW.USER32(?,00000069,?), ref: 0002BEFF
                                                                                                            • Part of subcall function 0002A8CC: GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0002A8F2
                                                                                                            • Part of subcall function 0002A8CC: GetNumberFormatW.KERNEL32(00000400,00000000,?,0004E600,?,?), ref: 0002A941
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ItemTime$File$Text$Format$_swprintf$MessageSend$DateFindLocalSystem$CloseDialogFirstFocusInfoLocaleNumberWindow__vswprintf_c_l
                                                                                                          • String ID: %s %s$%s %s %s$REPLACEFILEDLG
                                                                                                          • API String ID: 797121971-1840816070
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 000171EB
                                                                                                            • Part of subcall function 00017CC4: GetCurrentProcess.KERNEL32(00000020,?), ref: 00017CD3
                                                                                                            • Part of subcall function 00017CC4: GetLastError.KERNEL32 ref: 00017D19
                                                                                                            • Part of subcall function 00017CC4: CloseHandle.KERNEL32(?), ref: 00017D28
                                                                                                            • Part of subcall function 0001A320: DeleteFileW.KERNELBASE(?,?,?,000199EC,?,?,00019825,?,?,?,?,00041F81,000000FF), ref: 0001A331
                                                                                                            • Part of subcall function 0001A320: DeleteFileW.KERNEL32(?,?,?,00000800,?,?,000199EC,?,?,00019825,?,?,?,?,00041F81,000000FF), ref: 0001A35F
                                                                                                          • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000001,00000080,00000000,?,?,00000001,?), ref: 0001737E
                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0001739A
                                                                                                          • CreateFileW.KERNEL32(?,C0000000,00000000,00000000,00000003,02200000,00000000), ref: 000174C9
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: File$CloseCreateDeleteHandle$CurrentErrorH_prologLastProcess
                                                                                                          • String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
                                                                                                          • API String ID: 2517273693-3508440684
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: H_prolog_memcmp
                                                                                                          • String ID: CMT$h%u$hc%u
                                                                                                          • API String ID: 3004599000-3282847064
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: __floor_pentium4
                                                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                          • API String ID: 4168288129-2761157908
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 00012776
                                                                                                          • _strlen.LIBCMT ref: 00012D04
                                                                                                            • Part of subcall function 00021692: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?,?,?,?,0001B842,00000000,?,?,?,0001047C), ref: 000216AE
                                                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00012E65
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharH_prologMultiUnothrow_t@std@@@Wide__ehfuncinfo$??2@_strlen
                                                                                                          • String ID: CMT
                                                                                                          • API String ID: 1706572503-2756464174
                                                                                                          APIs
                                                                                                          • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 00038A87
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 00038A91
                                                                                                          • UnhandledExceptionFilter.KERNEL32(-00000311,?,?,?,?,?,00000000), ref: 00038A9E
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                          • String ID:
                                                                                                          • API String ID: 3906539128-0
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: .
                                                                                                          • API String ID: 0-248832578
                                                                                                          • Opcode ID: 759ce7731a7ac902f2cfeaf7ea2cecb54a26d5b188d7062116f380a4567ecc7a
                                                                                                          • Instruction ID: a34c6abb1561ad859f2f4b0eb8b3f14104593c0ca421658bf025049f1a9276ef
                                                                                                          • Opcode Fuzzy Hash: 759ce7731a7ac902f2cfeaf7ea2cecb54a26d5b188d7062116f380a4567ecc7a
                                                                                                          • Instruction Fuzzy Hash: AC3128B1A002496FCB269F78CC84DFB7BBDDF86314F1401A8F459C7251E6309D458B61
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: e4c71cb9696925a17b0f1ed029d90042ab8403ec90c4966a08425d5b2b74d4a4
                                                                                                          • Instruction ID: eca7826bac441c4f0fcbfbb7c4b3e4e86ddc3533bcba16661cff0d6f6a7775ac
                                                                                                          • Opcode Fuzzy Hash: e4c71cb9696925a17b0f1ed029d90042ab8403ec90c4966a08425d5b2b74d4a4
                                                                                                          • Instruction Fuzzy Hash: CD022B71E002199BDF15CFA9D8806AEFBF5FF88314F25826AD919E7241D731AE41CB80
                                                                                                          APIs
                                                                                                          • GetLocaleInfoW.KERNEL32(00000400,0000000F,?,00000064), ref: 0002A8F2
                                                                                                          • GetNumberFormatW.KERNEL32(00000400,00000000,?,0004E600,?,?), ref: 0002A941
                                                                                                          Similarity
                                                                                                          • API ID: FormatInfoLocaleNumber
                                                                                                          • String ID:
                                                                                                          • API String ID: 2169056816-0
                                                                                                          • Opcode ID: 59a9130c0da75f333038d7142e441b2dde90175609e476058a7bed4591795b21
                                                                                                          • Instruction ID: 8a8dd87a3793672a420de0972db7120360c5b834834a018971f4150803d2815a
                                                                                                          • Opcode Fuzzy Hash: 59a9130c0da75f333038d7142e441b2dde90175609e476058a7bed4591795b21
                                                                                                          • Instruction Fuzzy Hash: 46015E7A100398BBEB108F64EC45F9BB7BCEF19720F005422FA0497161D3749A158BA9
                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(00017016,00000000,00000400), ref: 00016EA8
                                                                                                          • FormatMessageW.KERNEL32(00001200,00000000,00000000,00000400,?,?,00000000), ref: 00016EC9
                                                                                                          Similarity
                                                                                                          • API ID: ErrorFormatLastMessage
                                                                                                          • String ID:
                                                                                                          • API String ID: 3479602957-0
                                                                                                          • Opcode ID: 991dbc8528f3a0c7c9c8395511042b3be4ee3415459c2fe8f5c638e39496c28e
                                                                                                          • Instruction ID: 9c05f62cffbf050f566bc6044fab8003f77fca8a02d947e9447b486e7b2757d3
                                                                                                          • Opcode Fuzzy Hash: 991dbc8528f3a0c7c9c8395511042b3be4ee3415459c2fe8f5c638e39496c28e
                                                                                                          • Instruction Fuzzy Hash: DAD0A7783C43017EFE200B70EC05F7A3BE06706B42F10D7047342D80D0C57180249618
                                                                                                          APIs
                                                                                                          • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,0004145F,?,?,00000008,?,?,000410FF,00000000), ref: 00041691
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionRaise
                                                                                                          • String ID:
                                                                                                          • API String ID: 3997070919-0
                                                                                                          • Opcode ID: e2992be0efbc831edc64672549e2d5be4a8c195f533d07af82f1999883a89197
                                                                                                          • Instruction ID: 7fb12d0ed156e2f3429f2c2e984326ca578fbd356f95fcb9fe46988c18de0d48
                                                                                                          • Opcode Fuzzy Hash: e2992be0efbc831edc64672549e2d5be4a8c195f533d07af82f1999883a89197
                                                                                                          • Instruction Fuzzy Hash: 6CB15FB5610608DFD755CF28C48ABA57BF0FF45364F298668E89ACF2A1C335E981CB44
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: gj
                                                                                                          • API String ID: 0-4203073231
                                                                                                          • Opcode ID: 76da12711b98701d9019d12b562aa71a8901b2bab4d42bb9d0e97fbae46e3d24
                                                                                                          • Instruction ID: f576e378357f01b4aea7ec9d1b6d805917e3cbcfbc8cef2448f1574ea6c7a412
                                                                                                          • Opcode Fuzzy Hash: 76da12711b98701d9019d12b562aa71a8901b2bab4d42bb9d0e97fbae46e3d24
                                                                                                          • Instruction Fuzzy Hash: 05F1D2B1A083418FD348CF29D880A5AFBE1BFCC208F15992EF598D7711E634E9558F56
                                                                                                          APIs
                                                                                                          • GetVersionExW.KERNEL32(?), ref: 0001AF0A
                                                                                                          Similarity
                                                                                                          • API ID: Version
                                                                                                          • String ID:
                                                                                                          • API String ID: 1889659487-0
                                                                                                          • Opcode ID: 071fb1271169854c4514cec61e1232a0ffea7202bbe4e3776c770a1016e6820b
                                                                                                          • Instruction ID: 12fe32bbd4de034ec6d9c755de478be5ab9c7f0664d90ac1e0e814b9f1ac5c96
                                                                                                          • Opcode Fuzzy Hash: 071fb1271169854c4514cec61e1232a0ffea7202bbe4e3776c770a1016e6820b
                                                                                                          • Instruction Fuzzy Hash: 22F06DF4A0030C8BDB28CB58ED456EA73A1F74A311F2002A9DA1943354D378AD81CF55
                                                                                                          APIs
                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(Function_0001F310,0002ED75), ref: 0002F308
                                                                                                          Similarity
                                                                                                          • API ID: ExceptionFilterUnhandled
                                                                                                          • String ID:
                                                                                                          • API String ID: 3192549508-0
                                                                                                          • Opcode ID: e3b178ea22c9bb292d666ace5cafab607425646f2851f2bfaf46532a0d882164
                                                                                                          • Instruction ID: c935b6ad48722b21f943258a47a9f8fa7a5eb84d4601f2a4404285b67f884264
                                                                                                          • Opcode Fuzzy Hash: e3b178ea22c9bb292d666ace5cafab607425646f2851f2bfaf46532a0d882164
                                                                                                          • Instruction Fuzzy Hash:
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: HeapProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 54951025-0
                                                                                                          • Opcode ID: 4cca32fe855ba35ed4a6f25527658a5df79aba21b12ae28567a335641b81ef22
                                                                                                          • Instruction ID: 0b32d83095629ed29bbf14e85c4b57e9f3401cb7bf9b1b92af032032170b01c2
                                                                                                          • Opcode Fuzzy Hash: 4cca32fe855ba35ed4a6f25527658a5df79aba21b12ae28567a335641b81ef22
                                                                                                          • Instruction Fuzzy Hash: 05A001F8A112018BA7408F7AAA193493AA9BB466917099269A509D61B0EA2C85A49F05
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                          • Instruction ID: 910f5317bdaaa5e2fe25656c311ec87cad9cb9d8ce8456bc2607d542ba38cd31
                                                                                                          • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                                                                          • Instruction Fuzzy Hash: B7C1723220A1530AEFAE4639C53453FBAE95BE27B171A076ED4F6CB1C9FE20D524D610
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c733347e432c5370c4f4b21c7d2972b5ef9b204b0fd0527f52f259d5cde18743
                                                                                                          • Instruction ID: 196b48e847992f00cfb0691a43c160e1cba842168ee19f4c6708a10a97da7e2d
                                                                                                          • Opcode Fuzzy Hash: c733347e432c5370c4f4b21c7d2972b5ef9b204b0fd0527f52f259d5cde18743
                                                                                                          • Instruction Fuzzy Hash: 31E117745183848FD304CF29D8905ABBBF0BB8A301F89496EF9D597352C236E919DF62
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 2c3de862736fa759ab1a4f332156b41f12bf147e2cfccb8d80ac070fbe34d2d0
                                                                                                          • Instruction ID: 1c72eae2f605fb98d8713ee50b88c77f41673f69d54096b28b576cc11b96953d
                                                                                                          • Opcode Fuzzy Hash: 2c3de862736fa759ab1a4f332156b41f12bf147e2cfccb8d80ac070fbe34d2d0
                                                                                                          • Instruction Fuzzy Hash: 569157B02043559BDB24EF64F895BFEB7D5AB51300F10092DE997872C3EB789688C752
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: cd80cbe972f84f10c5728996baee0bad5a8ee5275275e37d730f5ec6e10aaefe
                                                                                                          • Instruction ID: c7fb68f7e4521b61098453c2f5ae1f9d9f1f8b711e473a16b454c07dca18e61c
                                                                                                          • Opcode Fuzzy Hash: cd80cbe972f84f10c5728996baee0bad5a8ee5275275e37d730f5ec6e10aaefe
                                                                                                          • Instruction Fuzzy Hash: C3616571610B09A7DEFB9A288892BFE23DCEF41700F14091AE883DF2A2D715BD42C355
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7143b401136632ee41cc728dc3e906afaa0c283aea16f65d0c64829696432638
                                                                                                          • Instruction ID: 7b4df9ad72cd87ac984ffedd5760fab405a183d1caadbb15a48cff06f84b6af9
                                                                                                          • Opcode Fuzzy Hash: 7143b401136632ee41cc728dc3e906afaa0c283aea16f65d0c64829696432638
                                                                                                          • Instruction Fuzzy Hash: E37179717043A59BDB34DF28E8C1BED77D0ABA1304F00092DEA868B683DA7489C9C752
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                          • Instruction ID: 134d41f0c3c16260af7c90533eaa01d3c0cd50d4aac3770020a1deef253ea95e
                                                                                                          • Opcode Fuzzy Hash: 5deea3b29f66a918188f7a75532971316276c2599c24e1ebb0fa75850081f94e
                                                                                                          • Instruction Fuzzy Hash: 69518861680F4497DBBB896889967FFB7CD9B12300F180549E982CF293C719FE45835B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7696b65dccb8ed960e7a82359ae72344445c19be522e06d79cdccfac804f7975
                                                                                                          • Instruction ID: 22fec0c4e5bdf08937be6707a25d9d6e665ecc980002150228f905ada08b8f8e
                                                                                                          • Opcode Fuzzy Hash: 7696b65dccb8ed960e7a82359ae72344445c19be522e06d79cdccfac804f7975
                                                                                                          • Instruction Fuzzy Hash: 128182912597E49EE7564F7C7CA42FA3FA55733202B5C00BAC8C987263D13A4A98D721
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 73551f061fbeb237f9014dff11d003de8ea5e13542a180f5d2115c1830f23470
                                                                                                          • Instruction ID: 86b88d979d8b020a1bc10303ed5965fa1b381c6c6cb3820d090d373c9638cb1e
                                                                                                          • Opcode Fuzzy Hash: 73551f061fbeb237f9014dff11d003de8ea5e13542a180f5d2115c1830f23470
                                                                                                          • Instruction Fuzzy Hash: 4D519D7150C3D14EC712CF29D5944EFBFE1AF9A318F5948AEE8D54A213C230968ACB92
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 0002C08A
                                                                                                            • Part of subcall function 0002ACC6: ExpandEnvironmentStringsW.KERNEL32(00000000,?,00001000), ref: 0002AD8E
                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0002C3B7
                                                                                                          • _wcsrchr.LIBVCRUNTIME ref: 0002C541
                                                                                                          • GetDlgItem.USER32(?,00000066), ref: 0002C57C
                                                                                                          • SetWindowTextW.USER32(00000000,?), ref: 0002C58C
                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,0005A472), ref: 0002C59A
                                                                                                          • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0002C5C5
                                                                                                          Similarity
                                                                                                          • API ID: MessageSendTextWindow$EnvironmentExpandH_prologItemStrings_wcsrchr
                                                                                                          • String ID: %s.%d.tmp$<br>$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion
                                                                                                          APIs
                                                                                                          • _swprintf.LIBCMT ref: 0001DD99
                                                                                                            • Part of subcall function 00013F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00013FA2
                                                                                                            • Part of subcall function 000218AE: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,?,00000000,00000000,?,00050EE8,?,0001D4C2,00000000,?,00000050,00050EE8), ref: 000218CB
                                                                                                          • _strlen.LIBCMT ref: 0001DDBA
                                                                                                          • SetDlgItemTextW.USER32(?,0004E154,?), ref: 0001DE1A
                                                                                                          • GetWindowRect.USER32(?,?), ref: 0001DE54
                                                                                                          • GetClientRect.USER32(?,?), ref: 0001DE60
                                                                                                          • GetWindowLongW.USER32(?,000000F0), ref: 0001DF00
                                                                                                          • GetWindowRect.USER32(?,?), ref: 0001DF2D
                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0001DF70
                                                                                                          • GetSystemMetrics.USER32(00000008), ref: 0001DF78
                                                                                                          • GetWindow.USER32(?,00000005), ref: 0001DF83
                                                                                                          • GetWindowRect.USER32(00000000,?), ref: 0001DFB0
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0001E022
                                                                                                          Similarity
                                                                                                          • API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWide__vswprintf_c_l_strlen_swprintf
                                                                                                          • String ID: $%s:$CAPTION$d
                                                                                                          APIs
                                                                                                          • ___free_lconv_mon.LIBCMT ref: 0003C5D6
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C18E
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1A0
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1B2
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1C4
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1D6
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1E8
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C1FA
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C20C
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C21E
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C230
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C242
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C254
                                                                                                            • Part of subcall function 0003C171: _free.LIBCMT ref: 0003C266
                                                                                                          • _free.LIBCMT ref: 0003C5CB
                                                                                                            • Part of subcall function 000387FE: RtlFreeHeap.NTDLL(00000000,00000000,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?), ref: 00038814
                                                                                                            • Part of subcall function 000387FE: GetLastError.KERNEL32(?,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?,?), ref: 00038826
                                                                                                          • _free.LIBCMT ref: 0003C5ED
                                                                                                          • _free.LIBCMT ref: 0003C602
                                                                                                          • _free.LIBCMT ref: 0003C60D
                                                                                                          • _free.LIBCMT ref: 0003C62F
                                                                                                          • _free.LIBCMT ref: 0003C642
                                                                                                          • _free.LIBCMT ref: 0003C650
                                                                                                          • _free.LIBCMT ref: 0003C65B
                                                                                                          • _free.LIBCMT ref: 0003C693
                                                                                                          • _free.LIBCMT ref: 0003C69A
                                                                                                          • _free.LIBCMT ref: 0003C6B7
                                                                                                          • _free.LIBCMT ref: 0003C6CF
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                          APIs
                                                                                                          • GetWindow.USER32(?,00000005), ref: 0002D011
                                                                                                          • GetClassNameW.USER32(00000000,?,00000800), ref: 0002D03D
                                                                                                            • Part of subcall function 00021AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0001B250,?,?,?,0001B1FE,?,-00000002,?,00000000,?), ref: 00021ADA
                                                                                                          • GetWindowLongW.USER32(00000000,000000F0), ref: 0002D059
                                                                                                          • SendMessageW.USER32(00000000,00000173,00000000,00000000), ref: 0002D070
                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0002D084
                                                                                                          • SendMessageW.USER32(00000000,00000172,00000000,00000000), ref: 0002D0AD
                                                                                                          • DeleteObject.GDI32(00000000), ref: 0002D0B4
                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 0002D0BD
                                                                                                          Similarity
                                                                                                          • API ID: Window$MessageObjectSend$ClassCompareDeleteLongNameString
                                                                                                          • String ID: STATIC
                                                                                                          • API String ID: 3820355801-1882779555
                                                                                                          • Opcode ID: 44e72943b1382ab76ffc78cd7eb050ea9773815df21f86f86046367c58b041a4
                                                                                                          • Instruction ID: d50bcec638fbcf6bedd5b4da8c6693c7e75c986641a5ef5936c7a5657589bd7c
                                                                                                          • Opcode Fuzzy Hash: 44e72943b1382ab76ffc78cd7eb050ea9773815df21f86f86046367c58b041a4
                                                                                                          • Instruction Fuzzy Hash: 9511E1329453307BF2706BB0EC89FEF769DFB64710F404422FA45B50A3CA688D8686B5
                                                                                                          APIs
                                                                                                          • _free.LIBCMT ref: 000391D5
                                                                                                            • Part of subcall function 000387FE: RtlFreeHeap.NTDLL(00000000,00000000,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?), ref: 00038814
                                                                                                            • Part of subcall function 000387FE: GetLastError.KERNEL32(?,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?,?), ref: 00038826
                                                                                                          • _free.LIBCMT ref: 000391E1
                                                                                                          • _free.LIBCMT ref: 000391EC
                                                                                                          • _free.LIBCMT ref: 000391F7
                                                                                                          • _free.LIBCMT ref: 00039202
                                                                                                          • _free.LIBCMT ref: 0003920D
                                                                                                          • _free.LIBCMT ref: 00039218
                                                                                                          • _free.LIBCMT ref: 00039223
                                                                                                          • _free.LIBCMT ref: 0003922E
                                                                                                          • _free.LIBCMT ref: 0003923C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 776569668-0
                                                                                                          • Opcode ID: 98e66a147431afabe1c5ca08c9bdfb0b3ef68972fa83c6fba02d160b194d4340
                                                                                                          • Instruction ID: b707b341ada025afdd1e9ae6d84cfbbe3fc1523fa07c44e31143fc578d749e7e
                                                                                                          • Opcode Fuzzy Hash: 98e66a147431afabe1c5ca08c9bdfb0b3ef68972fa83c6fba02d160b194d4340
                                                                                                          • Instruction Fuzzy Hash: 9C11777A514248AFCF16EF59C942CD93BAAFF04350F6181A5BA084F137DA31DE509B84
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: ;%u$x%u$xc%u
                                                                                                          • API String ID: 0-2277559157
                                                                                                          • Opcode ID: 4a0a98bef46b02f2533228d7a21d157f11e9b58aa296ca018910f072982aae39
                                                                                                          • Instruction ID: 62f79414e9839b51a495b149c9e86fb139f1bbce6263eb45a7851dc5fbf03771
                                                                                                          • Opcode Fuzzy Hash: 4a0a98bef46b02f2533228d7a21d157f11e9b58aa296ca018910f072982aae39
                                                                                                          • Instruction Fuzzy Hash: 81F1FA71A083809BEB15EB6888D5FFE77D96F90300F080579F9858B283DA64D9D4C762
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          • EndDialog.USER32(?,00000001), ref: 0002AFB0
                                                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 0002AFD7
                                                                                                          • SendDlgItemMessageW.USER32(?,00000066,00000172,00000000,?), ref: 0002AFF0
                                                                                                          • SetWindowTextW.USER32(?,?), ref: 0002B001
                                                                                                          • GetDlgItem.USER32(?,00000065), ref: 0002B00A
                                                                                                          • SendMessageW.USER32(00000000,00000435,00000000,00010000), ref: 0002B01E
                                                                                                          • SendMessageW.USER32(00000000,00000443,00000000,00000000), ref: 0002B034
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: MessageSend$Item$TextWindow$Dialog
                                                                                                          • String ID: LICENSEDLG
                                                                                                          • API String ID: 3214253823-2177901306
                                                                                                          • Opcode ID: 87126c6082418bc4a06769e757623b07cf5e9666901dc017fdac60c799fdb62a
                                                                                                          • Instruction ID: 81eb13592fa128b5ab6e73427ef3470985462d849c362889b3ca2d92fff83ed9
                                                                                                          • Opcode Fuzzy Hash: 87126c6082418bc4a06769e757623b07cf5e9666901dc017fdac60c799fdb62a
                                                                                                          • Instruction Fuzzy Hash: 96218572644210BBF2615B61ED89F7B7BADFB4A751F000024F609A50A1DF5D68419772
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 000195E5
                                                                                                          • GetLongPathNameW.KERNEL32(?,?,00000800), ref: 00019608
                                                                                                          • GetShortPathNameW.KERNEL32(?,?,00000800), ref: 00019627
                                                                                                            • Part of subcall function 00021AC4: CompareStringW.KERNEL32(00000400,00001001,00000000,000000FF,?,000000FF,0001B250,?,?,?,0001B1FE,?,-00000002,?,00000000,?), ref: 00021ADA
                                                                                                          • _swprintf.LIBCMT ref: 000196C3
                                                                                                            • Part of subcall function 00013F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00013FA2
                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 00019732
                                                                                                          • MoveFileW.KERNEL32(?,?), ref: 00019772
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileMoveNamePath$CompareH_prologLongShortString__vswprintf_c_l_swprintf
                                                                                                          • String ID: rtmp%d
                                                                                                          • API String ID: 2111052971-3303766350
                                                                                                          • Opcode ID: 93ef564fba12ab20aa5ba0d4ae5f2da1192b48660623ef95b0ca362be8b71118
                                                                                                          • Instruction ID: 99ab3bf9ca2ec77a102497b06ee029014b31511493fc16df193b2f08e6661a48
                                                                                                          • Opcode Fuzzy Hash: 93ef564fba12ab20aa5ba0d4ae5f2da1192b48660623ef95b0ca362be8b71118
                                                                                                          • Instruction Fuzzy Hash: BF4131759112686ADF20EFA0DC95EDE73BCAF51380F1444E5B549E3082DB349BC9CBA4
                                                                                                          APIs
                                                                                                          • GlobalAlloc.KERNEL32(00000040,?), ref: 00029178
                                                                                                          • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000003,?,00000000,00000000), ref: 00029199
                                                                                                          • CreateStreamOnHGlobal.COMBASE(00000000,00000001,00000000), ref: 000291C0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Global$AllocByteCharCreateMultiStreamWide
                                                                                                          • String ID: </html>$<head><meta http-equiv="content-type" content="text/html; charset=$<html>$utf-8"></head>
                                                                                                          • API String ID: 4094277203-4209811716
                                                                                                          • Opcode ID: 0adaa78250a33a190c781a6109c7546ecd5ec234e311f5bd73d91070a085fe11
                                                                                                          • Instruction ID: ee43450ac99e92f55ff6b5fdcf790b15eacc1057effe9c563e09b2fd982545a4
                                                                                                          • Opcode Fuzzy Hash: 0adaa78250a33a190c781a6109c7546ecd5ec234e311f5bd73d91070a085fe11
                                                                                                          • Instruction Fuzzy Hash: 76317D755043267BD725BB60AC46FEF7B9CEF82320F104019F904561C3EF649A0883A5
                                                                                                          APIs
                                                                                                          • __aulldiv.LIBCMT ref: 00020D6D
                                                                                                            • Part of subcall function 0001AEE5: GetVersionExW.KERNEL32(?), ref: 0001AF0A
                                                                                                          • FileTimeToLocalFileTime.KERNEL32(?,00000001,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00020D90
                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?,00000000,?,00000064,00000000,00000001,00000000,?), ref: 00020DA2
                                                                                                          • SystemTimeToTzSpecificLocalTime.KERNEL32(00000000,?,?), ref: 00020DB3
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00020DC3
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00020DD3
                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00020E0D
                                                                                                          • __aullrem.LIBCMT ref: 00020E9B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Time$File$System$Local$SpecificVersion__aulldiv__aullrem
                                                                                                          • String ID:
                                                                                                          • API String ID: 1247370737-0
                                                                                                          • Opcode ID: 79257488a80b0f03c0d9c3132d39c2173f5fc236076421da4ae3ded753042c0f
                                                                                                          • Instruction ID: cc34ec7acd35d6238b5762786aa4944522e10f6ca2831d508e1f9945c6e67946
                                                                                                          • Opcode Fuzzy Hash: 79257488a80b0f03c0d9c3132d39c2173f5fc236076421da4ae3ded753042c0f
                                                                                                          • Instruction Fuzzy Hash: 914157B64083159FC714DF64D8809ABFBF8FB88714F004E2EF59282650E738E588CB62
                                                                                                          APIs
                                                                                                          • GetConsoleCP.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,0003F872,00000000,00000000,00000000,00000000,00000000,00034D0F), ref: 0003F13F
                                                                                                          • __fassign.LIBCMT ref: 0003F1BA
                                                                                                          • __fassign.LIBCMT ref: 0003F1D5
                                                                                                          • WideCharToMultiByte.KERNEL32(?,00000000,00000000,00000001,00000000,00000005,00000000,00000000), ref: 0003F1FB
                                                                                                          • WriteFile.KERNEL32(?,00000000,00000000,0003F872,00000000,?,?,?,?,?,?,?,?,?,0003F872,00000000), ref: 0003F21A
                                                                                                          • WriteFile.KERNEL32(?,00000000,00000001,0003F872,00000000,?,?,?,?,?,?,?,?,?,0003F872,00000000), ref: 0003F253
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Similarity
                                                                                                          • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                          • String ID:
                                                                                                          • API String ID: 1324828854-0
                                                                                                          • Opcode ID: 1cecdf2afab1d90459f8dd30f6b217905c7f11eb18534d4cdc2f76556e989850
                                                                                                          • Instruction ID: 6f07e8ee47a97c6759ab37af0b1bb7bdd0243a34bb67fee986d20a057caaeb7a
                                                                                                          • Opcode Fuzzy Hash: 1cecdf2afab1d90459f8dd30f6b217905c7f11eb18534d4cdc2f76556e989850
                                                                                                          • Instruction Fuzzy Hash: FD51C1B4E0024ADFDB11CFA8D885AEFBBF8EF09300F14412AE955E7291D774A951CB60
                                                                                                          APIs
                                                                                                          • ShowWindow.USER32(?,00000000), ref: 00029891
                                                                                                          • GetWindowRect.USER32(?,00000000), ref: 000298E7
                                                                                                          • ShowWindow.USER32(?,00000005,00000000), ref: 0002997E
                                                                                                          • SetWindowTextW.USER32(?,00000000), ref: 00029986
                                                                                                          • ShowWindow.USER32(00000000,00000005), ref: 0002999C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Window$Show$RectText
                                                                                                          • String ID: RarHtmlClassName
                                                                                                          • API String ID: 3937224194-1658105358
                                                                                                          • Opcode ID: a642f7089feecbfa3fc831436bb9d715104b0b5e72c9b8a076da195841a2c4c6
                                                                                                          • Instruction ID: fd4fb550fffe4c58f76a79eebab85ebb0d761d4c492994328f3f83c0a950fee1
                                                                                                          • Opcode Fuzzy Hash: a642f7089feecbfa3fc831436bb9d715104b0b5e72c9b8a076da195841a2c4c6
                                                                                                          • Instruction Fuzzy Hash: 5341B031404224AFEB219F65EC4CB5B7BA8FF49710F04456DFA09A9166CB38D990CB61
                                                                                                          APIs
                                                                                                            • Part of subcall function 0003C2D8: _free.LIBCMT ref: 0003C301
                                                                                                          • _free.LIBCMT ref: 0003C362
                                                                                                            • Part of subcall function 000387FE: RtlFreeHeap.NTDLL(00000000,00000000,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?), ref: 00038814
                                                                                                            • Part of subcall function 000387FE: GetLastError.KERNEL32(?,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?,?), ref: 00038826
                                                                                                          • _free.LIBCMT ref: 0003C36D
                                                                                                          • _free.LIBCMT ref: 0003C378
                                                                                                          • _free.LIBCMT ref: 0003C3CC
                                                                                                          • _free.LIBCMT ref: 0003C3D7
                                                                                                          • _free.LIBCMT ref: 0003C3E2
                                                                                                          • _free.LIBCMT ref: 0003C3ED
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 776569668-0
                                                                                                          • Opcode ID: b4869a11d69ac16d31ffc0356dc65cdab29eeda7956d265d3493ae357e3f0567
                                                                                                          • Instruction ID: 68c628f61ff70f6a52d0da707c03678b13e25a52572c01950236a04ac7fb3ed1
                                                                                                          • Opcode Fuzzy Hash: b4869a11d69ac16d31ffc0356dc65cdab29eeda7956d265d3493ae357e3f0567
                                                                                                          • Instruction Fuzzy Hash: CB111F72584B08BAE922BBB1CC4BFCB779DAF14700F404D15B6AAFA063DE65B5054790
                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(?,?,00032361,0002FDB2), ref: 00032378
                                                                                                          • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00032386
                                                                                                          • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 0003239F
                                                                                                          • SetLastError.KERNEL32(00000000,?,00032361,0002FDB2), ref: 000323F1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastValue___vcrt_
                                                                                                          • String ID:
                                                                                                          • API String ID: 3852720340-0
                                                                                                          • Opcode ID: 538097cd8884ba0209240f1202bc7fecdc46acaa5ab9e5d91f8c58facf96d370
                                                                                                          • Instruction ID: f060b8e60bf5545bb0a45b4301fa72ec4d4e927881514b059b39f30839be0377
                                                                                                          • Opcode Fuzzy Hash: 538097cd8884ba0209240f1202bc7fecdc46acaa5ab9e5d91f8c58facf96d370
                                                                                                          • Instruction Fuzzy Hash: 9B01D8765093116FB6662B74BDC559A269CFB12374F210629F110451E2EF194D015158
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
                                                                                                          • API String ID: 0-1718035505
                                                                                                          • Opcode ID: 27aeddb271ce8f65d03e5f0950a53f4decb82c9d4f38e2a192d826304d52ac1d
                                                                                                          • Instruction ID: 985f72870fa5c9fb069723233cf8c1a76ef7ec489b705dc86359a38e145eab32
                                                                                                          • Opcode Fuzzy Hash: 27aeddb271ce8f65d03e5f0950a53f4decb82c9d4f38e2a192d826304d52ac1d
                                                                                                          • Instruction Fuzzy Hash: 1A01F9B57422329BAFE15F747E9069763D45B42317310527BF507EB140D618CC8592AC
                                                                                                          APIs
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00020FDD
                                                                                                            • Part of subcall function 0001AEE5: GetVersionExW.KERNEL32(?), ref: 0001AF0A
                                                                                                          • LocalFileTimeToFileTime.KERNEL32(?,00020F88), ref: 00021001
                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00021017
                                                                                                          • TzSpecificLocalTimeToSystemTime.KERNEL32(00000000,?,?), ref: 00021026
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,00020F88), ref: 00021034
                                                                                                          • SystemTimeToFileTime.KERNEL32(?,?), ref: 00021042
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: Time$File$System$Local$SpecificVersion
                                                                                                          • String ID:
                                                                                                          • API String ID: 2092733347-0
                                                                                                          • Opcode ID: a2f8584bd767bbce6345d3dce31564039dcd317c215cd40997024a224a5e4e48
                                                                                                          • Instruction ID: f8409100df388a7bf1693b2a819cf68c4ad0ef5260a32814b4a2503b2693fc32
                                                                                                          • Opcode Fuzzy Hash: a2f8584bd767bbce6345d3dce31564039dcd317c215cd40997024a224a5e4e48
                                                                                                          • Instruction Fuzzy Hash: CD311A7A90024AEBCB10DFE4D9859EFFBBCFF58300B04451AE915E3210E7349A85CB69
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Similarity
                                                                                                          • API ID: _memcmp
                                                                                                          • String ID:
                                                                                                          • API String ID: 2931989736-0
                                                                                                          • Opcode ID: 6ad755461b5f66880c4c49805c0627fce15da44b0e294637d634c16e4af92be8
                                                                                                          • Instruction ID: 81acf99b635498cde1f851f2a805b5781000bf28752ad182d42c8398c6f7dc17
                                                                                                          • Opcode Fuzzy Hash: 6ad755461b5f66880c4c49805c0627fce15da44b0e294637d634c16e4af92be8
                                                                                                          • Instruction Fuzzy Hash: 5E2195B160022EABD719AE10DD41F7F77ADAB51B85F108125FC089F113F770DD468691
                                                                                                          APIs
                                                                                                          • GetLastError.KERNEL32(?,00050F50,000340E4,00050F50,?,?,00033B5F,?,?,00050F50), ref: 000392B9
                                                                                                          • _free.LIBCMT ref: 000392EC
                                                                                                          • _free.LIBCMT ref: 00039314
                                                                                                          • SetLastError.KERNEL32(00000000,?,00050F50), ref: 00039321
                                                                                                          • SetLastError.KERNEL32(00000000,?,00050F50), ref: 0003932D
                                                                                                          • _abort.LIBCMT ref: 00039333
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLast$_free$_abort
                                                                                                          • String ID:
                                                                                                          • API String ID: 3160817290-0
                                                                                                          • Opcode ID: 400a75818c6ca9545cc0f34b6925702beb4227fe19aa59bfa1233d9e49794362
                                                                                                          • Instruction ID: 8a3f75505c7d240ecf8a52714914776a402bd2335e4dc22c7a02874c7f90c08a
                                                                                                          • Opcode Fuzzy Hash: 400a75818c6ca9545cc0f34b6925702beb4227fe19aa59bfa1233d9e49794362
                                                                                                          • Instruction Fuzzy Hash: 5BF028BA504A0036D7133339BD0ABAF2AAE9BC3760F350554F655A31D3EEA8C9024128
                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0002D5AF
                                                                                                          • PeekMessageW.USER32(?,00000000,00000000,00000000,00000000), ref: 0002D5C9
                                                                                                          • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0002D5DA
                                                                                                          • TranslateMessage.USER32(?), ref: 0002D5E4
                                                                                                          • DispatchMessageW.USER32(?), ref: 0002D5EE
                                                                                                          • WaitForSingleObject.KERNEL32(?,0000000A), ref: 0002D5F9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Message$ObjectSingleWait$DispatchPeekTranslate
                                                                                                          • String ID:
                                                                                                          • API String ID: 2148572870-0
                                                                                                          • Opcode ID: d444c8586c8412bf539fae330b4160a01ad0e270e0fc78a8a04ab237525b7799
                                                                                                          • Instruction ID: b1e7ee9f03200259c0e37c5f3c0f5c00ae1afe0898fabd184a1ea90c83885836
                                                                                                          • Opcode Fuzzy Hash: d444c8586c8412bf539fae330b4160a01ad0e270e0fc78a8a04ab237525b7799
                                                                                                          • Instruction Fuzzy Hash: ECF03C72E01229ABDB206BA1EC4DEDBBF6DFF52351B008512F60AE2011D6389941C7F0
                                                                                                          APIs
                                                                                                          • GetTempPathW.KERNEL32(00000800,?), ref: 0002C7D9
                                                                                                          • _swprintf.LIBCMT ref: 0002C80D
                                                                                                            • Part of subcall function 00013F8F: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00013FA2
                                                                                                          • SetDlgItemTextW.USER32(?,00000066,0005946A), ref: 0002C82D
                                                                                                          • EndDialog.USER32(?,00000001), ref: 0002C941
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DialogItemPathTempText__vswprintf_c_l_swprintf
                                                                                                          • String ID: %s%s%u
                                                                                                          • API String ID: 3182297613-1360425832
                                                                                                          • Opcode ID: 4a78a775255a8fbfe85bfbcba0a79115eac2e7063a729a031c03f10565b6a782
                                                                                                          • Instruction ID: b70636c43ef6db4c8eb8acaa70204e17127d43776bea3b2befcfc34dbd0a6dda
                                                                                                          • Opcode Fuzzy Hash: 4a78a775255a8fbfe85bfbcba0a79115eac2e7063a729a031c03f10565b6a782
                                                                                                          • Instruction Fuzzy Hash: 4A418771D00628AAEB25DBA0EC85EDE77BCEF05301F1040A6E509E6151EB759BC4CF51
                                                                                                          APIs
                                                                                                          • LoadBitmapW.USER32(00000065), ref: 0002B08D
                                                                                                          • GetObjectW.GDI32(00000000,00000018,?), ref: 0002B0B2
                                                                                                          • DeleteObject.GDI32(00000000), ref: 0002B0E4
                                                                                                          • DeleteObject.GDI32(00000000), ref: 0002B107
                                                                                                            • Part of subcall function 0002A07C: FindResourceW.KERNEL32(0002B0DD,PNG,?,?,?,0002B0DD,00000066), ref: 0002A08E
                                                                                                            • Part of subcall function 0002A07C: SizeofResource.KERNEL32(00000000,00000000,?,?,?,0002B0DD,00000066), ref: 0002A0A6
                                                                                                            • Part of subcall function 0002A07C: LoadResource.KERNEL32(00000000,?,?,?,0002B0DD,00000066), ref: 0002A0B9
                                                                                                            • Part of subcall function 0002A07C: LockResource.KERNEL32(00000000,?,?,?,0002B0DD,00000066), ref: 0002A0C4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Resource$Object$DeleteLoad$BitmapFindLockSizeof
                                                                                                          • String ID: ]
                                                                                                          • API String ID: 142272564-3352871620
                                                                                                          • Opcode ID: 04732cfb9c25e5496208429a6cc78524c20e918314e64dfb29fe7caca591a53c
                                                                                                          • Instruction ID: 09c179443d3e49a9da831423712f20312cb1bbf750053a4d01b7a9dad1114435
                                                                                                          • Opcode Fuzzy Hash: 04732cfb9c25e5496208429a6cc78524c20e918314e64dfb29fe7caca591a53c
                                                                                                          • Instruction Fuzzy Hash: 6001D632940325A7E7623764BC45BBFBBAAEF82751F040015FD14B7292DF368C1586B1
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          • EndDialog.USER32(?,00000001), ref: 0002CF9B
                                                                                                          • GetDlgItemTextW.USER32(?,00000068,00000800), ref: 0002CFB1
                                                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 0002CFC5
                                                                                                          • SetDlgItemTextW.USER32(?,00000068), ref: 0002CFD4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                          • String ID: RENAMEDLG
                                                                                                          • API String ID: 445417207-3299779563
                                                                                                          • Opcode ID: 2a1db7ff946706611397dc57f321dfc4d13216810221327bcc40682fb58d6f19
                                                                                                          • Instruction ID: 02f31de87bc834f0158c7dfc98f3b2696c3e22e06749ed6312b61a6c0f16c45a
                                                                                                          • Opcode Fuzzy Hash: 2a1db7ff946706611397dc57f321dfc4d13216810221327bcc40682fb58d6f19
                                                                                                          • Instruction Fuzzy Hash: 6D0128326C43207EF6A04F68AE08FAF779EFB59702F000431F306A60D0C6B958058775
                                                                                                          APIs
                                                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00037844,?,?,000377E4,?,0004BAD8,0000000C,0003793B,?,00000002), ref: 000378B3
                                                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 000378C6
                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,00037844,?,?,000377E4,?,0004BAD8,0000000C,0003793B,?,00000002,00000000), ref: 000378E9
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                                                          • API String ID: 4061214504-1276376045
                                                                                                          • Opcode ID: c35caceacdef8e25510406e4b43460c9cdcb969ff5049d92840b84bde2436e05
                                                                                                          • Instruction ID: 03e80d2a810226376bbb75c0703b4268c39b3feeabd1bcf4750745ed55403539
                                                                                                          • Opcode Fuzzy Hash: c35caceacdef8e25510406e4b43460c9cdcb969ff5049d92840b84bde2436e05
                                                                                                          • Instruction Fuzzy Hash: 74F0C2B4A44218FBDB25AFA4DD09B9DBFB8EF04752F000178F809A6160DF348E44DB98
                                                                                                          APIs
                                                                                                            • Part of subcall function 00020360: GetSystemDirectoryW.KERNEL32(?,00000800), ref: 0002037B
                                                                                                            • Part of subcall function 00020360: LoadLibraryW.KERNELBASE(?,?,?,?,00000800,?,0001EE61,Crypt32.dll,00000000,0001EEE5,?,?,0001EEC7,?,?,?), ref: 0002039D
                                                                                                          • GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0001EE6D
                                                                                                          • GetProcAddress.KERNEL32(000581C0,CryptUnprotectMemory), ref: 0001EE7D
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          • Associated: 00000000.00000002.2093217964.0000000000010000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093268763.0000000000043000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.000000000004E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000054000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093293585.0000000000071000.00000004.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000072000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.0000000000079000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          • Associated: 00000000.00000002.2093383787.000000000009B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$DirectoryLibraryLoadSystem
                                                                                                          • String ID: Crypt32.dll$CryptProtectMemory$CryptUnprotectMemory
                                                                                                          • API String ID: 2141747552-1753850145
                                                                                                          • Opcode ID: 1368a94f39834f9a20d6b8783b6227dd2cab863f28fc6e0e1627f856e15806d0
                                                                                                          • Instruction ID: 26a5ea3bdd2fec5d05299aa15018d2037e3851a3e9c598b0afbaa37a261ca95e
                                                                                                          • Opcode Fuzzy Hash: 1368a94f39834f9a20d6b8783b6227dd2cab863f28fc6e0e1627f856e15806d0
                                                                                                          • Instruction Fuzzy Hash: 8BE04FF4800751AED7709F34E809B46BAE46F15700F00A92DE586D7241D6B5D9848B54
                                                                                                          APIs
                                                                                                          Similarity
                                                                                                          • API ID: _free
                                                                                                          • String ID:
                                                                                                          • API String ID: 269201875-0
                                                                                                          • Opcode ID: e0c006d6af1085d8671633f16afc0eb5a2a9ffab947f2cb3f888b831b0dc6afe
                                                                                                          • Instruction ID: d3875d24cf3f1dd3b930d1e85de2a260ee5d7392550ffccf206b79afdf93cac9
                                                                                                          • Opcode Fuzzy Hash: e0c006d6af1085d8671633f16afc0eb5a2a9ffab947f2cb3f888b831b0dc6afe
                                                                                                          • Instruction Fuzzy Hash: A441B276A003009FDB26DF78C881A9AB3E9EF89314F1585A9F515EB251DB31ED01CB80
                                                                                                          APIs
                                                                                                          • GetEnvironmentStringsW.KERNEL32 ref: 0003B9A9
                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0003B9CC
                                                                                                            • Part of subcall function 00038838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00033CF6,?,0000015D,?,?,?,?,000351D2,000000FF,00000000,?,?), ref: 0003886A
                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 0003B9F2
                                                                                                          • _free.LIBCMT ref: 0003BA05
                                                                                                          • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0003BA14
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                          • String ID:
                                                                                                          • API String ID: 336800556-0
                                                                                                          • Opcode ID: 057c7dada146de9bb7c0c02322182e37b50b30b93f410bcd4e3bc19ae931636f
                                                                                                          • Instruction ID: cf6d20e5876358a70ff4ad8681e75669b762f11151e294a7493d6d2311437e28
                                                                                                          • Opcode Fuzzy Hash: 057c7dada146de9bb7c0c02322182e37b50b30b93f410bcd4e3bc19ae931636f
                                                                                                          • Instruction Fuzzy Hash: 8501B1B6A01B507F27226A7A6C8DCBB7AADDBC6BA4B140129FA04D2101EF648D0181B1
                                                                                                          APIs
                                                                                                            • Part of subcall function 00020D11: ResetEvent.KERNEL32(?), ref: 00020D23
                                                                                                            • Part of subcall function 00020D11: ReleaseSemaphore.KERNEL32(?,00000000,00000000), ref: 00020D37
                                                                                                          • ReleaseSemaphore.KERNEL32(?,00000040,00000000), ref: 00020A6A
                                                                                                          • CloseHandle.KERNEL32(?,?), ref: 00020A84
                                                                                                          • DeleteCriticalSection.KERNEL32(?), ref: 00020A9D
                                                                                                          • CloseHandle.KERNEL32(?), ref: 00020AA9
                                                                                                          • CloseHandle.KERNEL32(?), ref: 00020AB5
                                                                                                            • Part of subcall function 00020B29: WaitForSingleObject.KERNEL32(?,000000FF,00020C48,?,?,00020CBF,?,?,?,?,?,00020CA9), ref: 00020B2F
                                                                                                            • Part of subcall function 00020B29: GetLastError.KERNEL32(?,?,00020CBF,?,?,?,?,?,00020CA9), ref: 00020B3B
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle$ReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
                                                                                                          • String ID:
                                                                                                          • API String ID: 1868215902-0
                                                                                                          • Opcode ID: 6932cb42b3bcb6227cccc10f1ee663ed967f4486becd40d8d8d5a6af52938f89
                                                                                                          • Instruction ID: 2bc2be4c2c2b4341346f3921305beb2f2290542c719b2edfeee0d5b108586775
                                                                                                          • Opcode Fuzzy Hash: 6932cb42b3bcb6227cccc10f1ee663ed967f4486becd40d8d8d5a6af52938f89
                                                                                                          • Instruction Fuzzy Hash: D501B5B5500704EFCB329B69ED84FC6FBE9FB49710F004629F15A42161CB766A44CB94
                                                                                                          APIs
                                                                                                          • _free.LIBCMT ref: 0003C287
                                                                                                            • Part of subcall function 000387FE: RtlFreeHeap.NTDLL(00000000,00000000,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?), ref: 00038814
                                                                                                            • Part of subcall function 000387FE: GetLastError.KERNEL32(?,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?,?), ref: 00038826
                                                                                                          • _free.LIBCMT ref: 0003C299
                                                                                                          • _free.LIBCMT ref: 0003C2AB
                                                                                                          • _free.LIBCMT ref: 0003C2BD
                                                                                                          • _free.LIBCMT ref: 0003C2CF
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 776569668-0
                                                                                                          • Opcode ID: 6e3b3f150375f9d459450b7717767449538c38cc82bc5742a759ad4401962c84
                                                                                                          • Instruction ID: 458feee1d9317d45f4b7fb3c1dc2995a7c1ebfb7c2decadbb60eac85bd7f7e04
                                                                                                          • Opcode Fuzzy Hash: 6e3b3f150375f9d459450b7717767449538c38cc82bc5742a759ad4401962c84
                                                                                                          • Instruction Fuzzy Hash: B4F0FF73914340BBAA62EBA9EAC5C5A73DEBB01720F644845F119EB511CF34FC804768
                                                                                                          APIs
                                                                                                          • _free.LIBCMT ref: 0003836E
                                                                                                            • Part of subcall function 000387FE: RtlFreeHeap.NTDLL(00000000,00000000,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?), ref: 00038814
                                                                                                            • Part of subcall function 000387FE: GetLastError.KERNEL32(?,?,0003C306,?,00000000,?,00000000,?,0003C32D,?,00000007,?,?,0003C72A,?,?), ref: 00038826
                                                                                                          • _free.LIBCMT ref: 00038380
                                                                                                          • _free.LIBCMT ref: 00038393
                                                                                                          • _free.LIBCMT ref: 000383A4
                                                                                                          • _free.LIBCMT ref: 000383B5
                                                                                                          Similarity
                                                                                                          • API ID: _free$ErrorFreeHeapLast
                                                                                                          • String ID:
                                                                                                          • API String ID: 776569668-0
                                                                                                          • Opcode ID: 5d93d48e9f293cc4d741074a52b0bf281ea3b7d76fe74b02cc1511be0daa1323
                                                                                                          • Instruction ID: 3fee506979cff2becb4fb86c631f5e166122dd15a540e59b0ac9e576c2888d40
                                                                                                          • Opcode Fuzzy Hash: 5d93d48e9f293cc4d741074a52b0bf281ea3b7d76fe74b02cc1511be0daa1323
                                                                                                          • Instruction Fuzzy Hash: EFF06DB5D253109BAF426B1AFC424C43A6AB705B107288186F108AB2B2CF3D44928B89
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: _swprintf
                                                                                                          • String ID: %ls$%s: %s
                                                                                                          • API String ID: 589789837-2259941744
                                                                                                          • Opcode ID: 5cd8aa473f6730d73af7355695b74cad277ebad6771d774ba2ef107fe89f8068
                                                                                                          • Instruction ID: 1bfca8a617fae399269f08f8e316b459685fb50fc35b7efded6c9afbe03cfa12
                                                                                                          • Opcode Fuzzy Hash: 5cd8aa473f6730d73af7355695b74cad277ebad6771d774ba2ef107fe89f8068
                                                                                                          • Instruction Fuzzy Hash: 93511A7138C324FAE7326ED4FD02FFE769AAB25B00F204506F786A84D2C6B156706706
                                                                                                          APIs
                                                                                                          • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe,00000104), ref: 000379CE
                                                                                                          • _free.LIBCMT ref: 00037A99
                                                                                                          • _free.LIBCMT ref: 00037AA3
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: _free$FileModuleName
                                                                                                          • String ID: C:\Users\user\Desktop\f3aef511705f37f9792c6032b936ca61.exe
                                                                                                          • API String ID: 2506810119-3606139780
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 0001763D
                                                                                                            • Part of subcall function 00013AC2: __EH_prolog.LIBCMT ref: 00013AC7
                                                                                                          • GetLastError.KERNEL32(00000052,?,?,?,?,00000800,?,?,?,00000000,00000000), ref: 00017704
                                                                                                            • Part of subcall function 00017CC4: GetCurrentProcess.KERNEL32(00000020,?), ref: 00017CD3
                                                                                                            • Part of subcall function 00017CC4: GetLastError.KERNEL32 ref: 00017D19
                                                                                                            • Part of subcall function 00017CC4: CloseHandle.KERNEL32(?), ref: 00017D28
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorH_prologLast$CloseCurrentHandleProcess
                                                                                                          • String ID: SeRestorePrivilege$SeSecurityPrivilege
                                                                                                          • API String ID: 3813983858-639343689
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          • EndDialog.USER32(?,00000001), ref: 0002A748
                                                                                                          • GetDlgItemTextW.USER32(?,00000066,?,?), ref: 0002A75D
                                                                                                          • SetDlgItemTextW.USER32(?,00000066,?), ref: 0002A772
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                          • String ID: ASKNEXTVOL
                                                                                                          • API String ID: 445417207-3402441367
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __fprintf_l_strncpy
                                                                                                          • String ID: $%s$@%s
                                                                                                          • API String ID: 1857242416-834177443
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001130B: GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                            • Part of subcall function 0001130B: SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          • EndDialog.USER32(?,00000001), ref: 0002AC6E
                                                                                                          • GetDlgItemTextW.USER32(?,00000066,?,00000080), ref: 0002AC86
                                                                                                          • SetDlgItemTextW.USER32(?,00000067,?), ref: 0002ACB4
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ItemText$DialogWindow
                                                                                                          • String ID: GETPASSWORD1
                                                                                                          • API String ID: 445417207-3292211884
                                                                                                          APIs
                                                                                                          • InitializeCriticalSection.KERNEL32(00000320,00000000,?,?,?,0001ADB5,00000008,?,00000000,?,0001CD8C,?,00000000), ref: 000209CE
                                                                                                          • CreateSemaphoreW.KERNEL32(00000000,00000000,00000040,00000000,?,?,?,0001ADB5,00000008,?,00000000,?,0001CD8C,?,00000000), ref: 000209D8
                                                                                                          • CreateEventW.KERNEL32(00000000,00000001,00000001,00000000,?,?,?,0001ADB5,00000008,?,00000000,?,0001CD8C,?,00000000), ref: 000209E8
                                                                                                          Strings
                                                                                                          • Thread pool initialization failed., xrefs: 00020A00
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create$CriticalEventInitializeSectionSemaphore
                                                                                                          • String ID: Thread pool initialization failed.
                                                                                                          • API String ID: 3340455307-2182114853
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: RENAMEDLG$REPLACEFILEDLG
                                                                                                          • API String ID: 0-56093855
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: __alldvrm$_strrchr
                                                                                                          • String ID:
                                                                                                          • API String ID: 1036877536-0
                                                                                                          APIs
                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,8FE85006,00034236,00000000,00000000,0003526B,?,0003526B,?,00000001,00034236,8FE85006,00000001,0003526B,0003526B), ref: 0003C445
                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 0003C4CE
                                                                                                          • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 0003C4E0
                                                                                                          • __freea.LIBCMT ref: 0003C4E9
                                                                                                            • Part of subcall function 00038838: RtlAllocateHeap.NTDLL(00000000,?,?,?,00033CF6,?,0000015D,?,?,?,?,000351D2,000000FF,00000000,?,?), ref: 0003886A
                                                                                                          Similarity
                                                                                                          • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                          • String ID:
                                                                                                          • API String ID: 2652629310-0
                                                                                                          APIs
                                                                                                          • ___BuildCatchObject.LIBVCRUNTIME ref: 000327BA
                                                                                                            • Part of subcall function 00032DF2: ___AdjustPointer.LIBCMT ref: 00032E3C
                                                                                                          • _UnwindNestedFrames.LIBCMT ref: 000327D1
                                                                                                          • ___FrameUnwindToState.LIBVCRUNTIME ref: 000327E3
                                                                                                          • CallCatchBlock.LIBVCRUNTIME ref: 00032807
                                                                                                          Similarity
                                                                                                          • API ID: CatchUnwind$AdjustBlockBuildCallFrameFramesNestedObjectPointerState
                                                                                                          • String ID:
                                                                                                          • API String ID: 2633735394-0
                                                                                                          APIs
                                                                                                          • GetDC.USER32(00000000), ref: 0002A01E
                                                                                                          • GetDeviceCaps.GDI32(00000000,00000058), ref: 0002A02D
                                                                                                          • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0002A03B
                                                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 0002A049
                                                                                                          Similarity
                                                                                                          • API ID: CapsDevice$Release
                                                                                                          • String ID:
                                                                                                          • API String ID: 1035833867-0
                                                                                                          APIs
                                                                                                          • ___vcrt_initialize_pure_virtual_call_handler.LIBVCRUNTIME ref: 000322B6
                                                                                                          • ___vcrt_initialize_winapi_thunks.LIBVCRUNTIME ref: 000322BB
                                                                                                          • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 000322C0
                                                                                                            • Part of subcall function 000333BE: ___vcrt_InitializeCriticalSectionEx.LIBVCRUNTIME ref: 000333CF
                                                                                                          • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 000322D5
                                                                                                          Similarity
                                                                                                          • API ID: CriticalInitializeSection___vcrt____vcrt_initialize_locks___vcrt_initialize_pure_virtual_call_handler___vcrt_initialize_winapi_thunks___vcrt_uninitialize_locks
                                                                                                          • String ID:
                                                                                                          • API String ID: 1761009282-0
                                                                                                          APIs
                                                                                                            • Part of subcall function 0002A051: GetDC.USER32(00000000), ref: 0002A055
                                                                                                            • Part of subcall function 0002A051: GetDeviceCaps.GDI32(00000000,0000000C), ref: 0002A060
                                                                                                            • Part of subcall function 0002A051: ReleaseDC.USER32(00000000,00000000), ref: 0002A06B
                                                                                                          • GetObjectW.GDI32(?,00000018,?), ref: 0002A1ED
                                                                                                            • Part of subcall function 0002A476: GetDC.USER32(00000000), ref: 0002A47F
                                                                                                            • Part of subcall function 0002A476: GetObjectW.GDI32(?,00000018,?), ref: 0002A4AE
                                                                                                            • Part of subcall function 0002A476: ReleaseDC.USER32(00000000,?), ref: 0002A546
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: ObjectRelease$CapsDevice
                                                                                                          • String ID: (
                                                                                                          • API String ID: 1061551593-3887548279
                                                                                                          APIs
                                                                                                          • _free.LIBCMT ref: 0003AD94
                                                                                                            • Part of subcall function 00038B69: IsProcessorFeaturePresent.KERNEL32(00000017,00038B58,0000002C,0004BC40,0003BD76,00000000,00000000,00039338,?,?,00038B65,00000000,00000000,00000000,00000000,00000000), ref: 00038B6B
                                                                                                            • Part of subcall function 00038B69: GetCurrentProcess.KERNEL32(C0000417,0004BC40,0000002C,00038896,00000016,00039338), ref: 00038B8D
                                                                                                            • Part of subcall function 00038B69: TerminateProcess.KERNEL32(00000000), ref: 00038B94
                                                                                                          Strings
                                                                                                          Similarity
                                                                                                          • API ID: Process$CurrentFeaturePresentProcessorTerminate_free
                                                                                                          • String ID: *?$.
                                                                                                          • API String ID: 2667617558-3972193922
                                                                                                          APIs
                                                                                                          • __EH_prolog.LIBCMT ref: 000177FF
                                                                                                          • SetFileTime.KERNEL32(?,?,?,?,?,00000005,?,00000011,?,?,00000000,?,0000003A,00000802), ref: 0001799B
                                                                                                            • Part of subcall function 0001A637: SetFileAttributesW.KERNELBASE(?,00000000,00000001,?,0001A46D,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A64B
                                                                                                            • Part of subcall function 0001A637: SetFileAttributesW.KERNEL32(?,00000000,?,?,00000800,?,0001A46D,?,?,?,0001A2B3,?,00000001,00000000,?,?), ref: 0001A67C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: File$Attributes$H_prologTime
                                                                                                          • String ID: :
                                                                                                          • API String ID: 1861295151-336475711
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: UNC$\\?\
                                                                                                          • API String ID: 0-253988292
                                                                                                          APIs
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: Shell.Explorer$about:blank
                                                                                                          • API String ID: 0-874089819
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001EE4E: GetProcAddress.KERNEL32(00000000,CryptProtectMemory), ref: 0001EE6D
                                                                                                            • Part of subcall function 0001EE4E: GetProcAddress.KERNEL32(000581C0,CryptUnprotectMemory), ref: 0001EE7D
                                                                                                          • GetCurrentProcessId.KERNEL32(?,?,?,0001EEC7), ref: 0001EF5F
                                                                                                          Strings
                                                                                                          • CryptUnprotectMemory failed, xrefs: 0001EF57
                                                                                                          • CryptProtectMemory failed, xrefs: 0001EF16
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AddressProc$CurrentProcess
                                                                                                          • String ID: CryptProtectMemory failed$CryptUnprotectMemory failed
                                                                                                          • API String ID: 2190909847-396321323
                                                                                                          APIs
                                                                                                            • Part of subcall function 0001DD73: _swprintf.LIBCMT ref: 0001DD99
                                                                                                            • Part of subcall function 0001DD73: _strlen.LIBCMT ref: 0001DDBA
                                                                                                            • Part of subcall function 0001DD73: SetDlgItemTextW.USER32(?,0004E154,?), ref: 0001DE1A
                                                                                                            • Part of subcall function 0001DD73: GetWindowRect.USER32(?,?), ref: 0001DE54
                                                                                                            • Part of subcall function 0001DD73: GetClientRect.USER32(?,?), ref: 0001DE60
                                                                                                          • GetDlgItem.USER32(00000000,00003021), ref: 0001134F
                                                                                                          • SetWindowTextW.USER32(00000000,000435B4), ref: 00011365
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ItemRectTextWindow$Client_strlen_swprintf
                                                                                                          • String ID: 0
                                                                                                          • API String ID: 2622349952-4108050209
                                                                                                          APIs
                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF,00020C48,?,?,00020CBF,?,?,?,?,?,00020CA9), ref: 00020B2F
                                                                                                          • GetLastError.KERNEL32(?,?,00020CBF,?,?,?,?,?,00020CA9), ref: 00020B3B
                                                                                                            • Part of subcall function 00016E68: __vswprintf_c_l.LEGACY_STDIO_DEFINITIONS ref: 00016E86
                                                                                                          Strings
                                                                                                          • WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00020B44
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorLastObjectSingleWait__vswprintf_c_l
                                                                                                          • String ID: WaitForMultipleObjects error %d, GetLastError %d
                                                                                                          • API String ID: 1091760877-2248577382
                                                                                                          APIs
                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,0001D5EF,?), ref: 0001DD2E
                                                                                                          • FindResourceW.KERNEL32(00000000,RTL,00000005,?,0001D5EF,?), ref: 0001DD3C
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000000.00000002.2093236579.0000000000011000.00000020.00000001.01000000.00000003.sdmp, Offset: 00010000, based on PE: true
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_0_2_10000_f3aef511705f37f9792c6032b936ca61.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FindHandleModuleResource
                                                                                                          • String ID: RTL
                                                                                                          • API String ID: 3537982541-834975271

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:8.9%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:37
                                                                                                          Total number of Limit Nodes:1

                                                                                                          Callgraph

                                                                                                          Call edges recovered from the graph:
                                                                                                          • Function_047E0878 -> Function_009E0606, Function_009E05E0
                                                                                                          • Function_047E03BD -> Function_009E0606, Function_047E0938, Function_009E05E0
                                                                                                          • Function_047E0938 -> Function_009E0606, Function_009E05E0
                                                                                                          • Function_009E0658 -> Function_009E066A
                                                                                                          • Function_047E0310 -> Function_009E0606, Function_047E0938, Function_009E05E0
                                                                                                          • Function_047E0301 -> Function_009E0606, Function_047E0938, Function_009E05E0

                                                                                                          Control-flow Graph (Function_047E0938)
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165922378.00000000047E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 047E0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_47e0000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358

                                                                                                          Control-flow Graph (Function_0090A612)
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0090A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph (Function_0090A361)
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,3E02B584,00000000,00000000,00000000,00000000), ref: 0090A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph (Function_0090A462)
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,3E02B584,00000000,00000000,00000000,00000000), ref: 0090A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph (Function_0090A646)
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0090A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph (Function_0090AA07)
                                                                                                          APIs
                                                                                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0090AA86
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0

                                                                                                          Control-flow Graph (Function_0090A392)
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,3E02B584,00000000,00000000,00000000,00000000), ref: 0090A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph (Function_0090A486)
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,3E02B584,00000000,00000000,00000000,00000000), ref: 0090A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph (Function_0090A2D2)
                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNELBASE(?), ref: 0090A330
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorMode
                                                                                                          • String ID:
                                                                                                          • API String ID: 2340568224-0

                                                                                                          Control-flow Graph (Function_0090AC24)
                                                                                                          APIs
                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 0090AC80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExecuteShell
                                                                                                          • String ID:
                                                                                                          • API String ID: 587946157-0

                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0090A903
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0

                                                                                                          APIs
                                                                                                          • CopyFileW.KERNELBASE(?,?,?), ref: 0090AA86
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0

                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNELBASE(?,?), ref: 0090A903
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0

                                                                                                          APIs
                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 0090AC80
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ExecuteShell
                                                                                                          • String ID:
                                                                                                          • API String ID: 587946157-0

                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNELBASE(?), ref: 0090A330
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000002.00000002.2165259709.000000000090A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0090A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_2_2_90a000_NjRAT.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorMode
                                                                                                          • String ID:
                                                                                                          • API String ID: 2340568224-0

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:20.4%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:7.7%
                                                                                                          Total number of Nodes:182
                                                                                                          Total number of Limit Nodes:9
                                                                                                          APIs
                                                                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02BABBEB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AdjustPrivilegesToken
                                                                                                          • String ID:
                                                                                                          • API String ID: 2874748243-0
                                                                                                          • Opcode ID: 2cd1513f29f70ea765315dda7ddde12aa39ab217e90a15dede93c0404c35c8b5
                                                                                                          • Instruction ID: 015a4c6bf1e68409d15c1cc1a2c600f2146e57647a43ec5bc6cf653427f84081
                                                                                                          • Opcode Fuzzy Hash: 2cd1513f29f70ea765315dda7ddde12aa39ab217e90a15dede93c0404c35c8b5
                                                                                                          • Instruction Fuzzy Hash: 7921D1765097809FDB128F25DC50B52BFF4EF16314F0884DAE9858B563D335A808CB62
                                                                                                          APIs
                                                                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 059401FD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InformationQuerySystem
                                                                                                          • String ID:
                                                                                                          • API String ID: 3562636166-0
                                                                                                          • Opcode ID: 8c121c7857626062ee8749544c8f33148a4d3d3ec589cbb0a7bf1e52575ed244
                                                                                                          • Instruction ID: 81abd57c956961252a3783abdb5a2cfa8bfa32b7d442646f61dca8b3fe7ce53e
                                                                                                          • Opcode Fuzzy Hash: 8c121c7857626062ee8749544c8f33148a4d3d3ec589cbb0a7bf1e52575ed244
                                                                                                          • Instruction Fuzzy Hash: 4321AE724097C0AFDB238B20EC45A52FFB4EF06214F0984DBE9844B5A3D265A90DDB62
                                                                                                          APIs
                                                                                                          • AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 02BABBEB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AdjustPrivilegesToken
                                                                                                          • String ID:
                                                                                                          • API String ID: 2874748243-0
                                                                                                          • Opcode ID: 0f4b17a7a7d7c1cedb1cc767403df75341546ea787ac11cc336ea5872fc3a567
                                                                                                          • Instruction ID: 0e29a503c89b0fe0daaa7eec0e26cb71685eb86ccebab0d93e8798a42b1fe2c1
                                                                                                          • Opcode Fuzzy Hash: 0f4b17a7a7d7c1cedb1cc767403df75341546ea787ac11cc336ea5872fc3a567
                                                                                                          • Instruction Fuzzy Hash: 4D11C2725043049FDB20CF15D884B62FBE4EF14324F08C8AAED558B662D335E418CF61
                                                                                                          APIs
                                                                                                          • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 02BABF2D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InformationProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 1801817001-0
                                                                                                          • Opcode ID: 6325e861fb8ce586e8cebb9dd81e6f3a2956ff2ce40b8e9d223ba19e4df27c97
                                                                                                          • Instruction ID: 9f1e88c089c2f19a72447facb82fa5e6da36af98ba7ba41c0f21e09e4a0acf29
                                                                                                          • Opcode Fuzzy Hash: 6325e861fb8ce586e8cebb9dd81e6f3a2956ff2ce40b8e9d223ba19e4df27c97
                                                                                                          • Instruction Fuzzy Hash: 2111A072409780AFCB228F11DC44F52FFB4EF06224F09C4DAED884B662C275A818DB62
                                                                                                          APIs
                                                                                                          • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 02BABF2D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InformationProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 1801817001-0
                                                                                                          • Opcode ID: 77a9198f3ab460499d51aff3986e20b091f052e0a7a94fc5ade7268a6c45f5dc
                                                                                                          • Instruction ID: 873b5f364e86440c6e2f956c787d704a266cfaf887b0fe1f19f21a470119a21f
                                                                                                          • Opcode Fuzzy Hash: 77a9198f3ab460499d51aff3986e20b091f052e0a7a94fc5ade7268a6c45f5dc
                                                                                                          • Instruction Fuzzy Hash: C201AD324046049FDB208F05D884B65FBE0EF18324F0CC59AED594B662C37AE858DF62
                                                                                                          APIs
                                                                                                          • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 059401FD
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InformationQuerySystem
                                                                                                          • String ID:
                                                                                                          • API String ID: 3562636166-0
                                                                                                          • Opcode ID: 45b59687c3c5d0e9808ec1f5038d08cbf5d5b44aa1e0b809c01d8adeea1523b2
                                                                                                          • Instruction ID: d3a3fcacf7526deee443c775abf8568ebf231ac6f5fcd991341fb7d4923238f1
                                                                                                          • Opcode Fuzzy Hash: 45b59687c3c5d0e9808ec1f5038d08cbf5d5b44aa1e0b809c01d8adeea1523b2
                                                                                                          • Instruction Fuzzy Hash: 33018F364006049FDB20CF45E948F61FBE4FF08224F08C49ADE490A652C376A858CF62

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [fi^$-[fi^$=[fi^
                                                                                                          • API String ID: 0-2239522807
                                                                                                          • Opcode ID: d1d87b1c08670dc7f2b46d6879012c9ff634c78c372214aaae46e8b0fd90ffd8
                                                                                                          • Instruction ID: c5eeac3b35f66332ebeeb5bcdb5fa2d716ddd6b0d065a828d64c53e706e1dcca
                                                                                                          • Opcode Fuzzy Hash: d1d87b1c08670dc7f2b46d6879012c9ff634c78c372214aaae46e8b0fd90ffd8
                                                                                                          • Instruction Fuzzy Hash: 81510230B042018BC719EB7CA4196BE77D7AF85284B5448AED806DB3C1DFBDCC4687A2

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [fi^$-[fi^$=[fi^
                                                                                                          • API String ID: 0-2239522807
                                                                                                          • Opcode ID: 82d1ba90e61eaef3a67994469bf431e4b1e7fc4461e125e50ff0360a6d2278cd
                                                                                                          • Instruction ID: a9a3e628ab9ada6076711c7b3fe5470b5b8b715e08b49dcdbb4346d29e14352f
                                                                                                          • Opcode Fuzzy Hash: 82d1ba90e61eaef3a67994469bf431e4b1e7fc4461e125e50ff0360a6d2278cd
                                                                                                          • Instruction Fuzzy Hash: 89410931B041158BC759E77D94252BE32D79FC5288B4848AED806DB3D1DFBD8D0A87A2

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk$:@hk
                                                                                                          • API String ID: 0-48768170
                                                                                                          • Opcode ID: d85820a5cfe38c41e1f3edc3d527964599a5f5060e161533ea1739ef32302fdb
                                                                                                          • Instruction ID: f58dee4bafc533bedbdb8fde8b24319e4e2e561bac93df61a09e0c66cbe21a46
                                                                                                          • Opcode Fuzzy Hash: d85820a5cfe38c41e1f3edc3d527964599a5f5060e161533ea1739ef32302fdb
                                                                                                          • Instruction Fuzzy Hash: ADC17C707051548BEB05EB78E8187BE37ABEB99208F10446ED806977C1CF7D9C26DB61

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk$:@hk
                                                                                                          • API String ID: 0-48768170
                                                                                                          • Opcode ID: d2c5139a4a227d4e7dbc5a20ba7ff3e07b9bae6d816fda6d90bf5cde0841765c
                                                                                                          • Instruction ID: f8e96c1691e104ea0ee4c63d6c8c2e9bb545b4cbca57808db57a6993a7662744
                                                                                                          • Opcode Fuzzy Hash: d2c5139a4a227d4e7dbc5a20ba7ff3e07b9bae6d816fda6d90bf5cde0841765c
                                                                                                          • Instruction Fuzzy Hash: 00A181707051548BDB05EB78E8187BE36ABEB99308F10446ED84A977C1CF7D8C26D761

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false

                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false

                                                                                                          APIs
                                                                                                          • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05942EB9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 0594103A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

                                                                                                          APIs
                                                                                                          • getaddrinfo.WS2_32(?,00000E24), ref: 05941C67
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

                                                                                                          APIs
                                                                                                          • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05941EEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

                                                                                                          APIs
                                                                                                          • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 02BAABD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false

                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNEL32(?,?), ref: 02BAA6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false

                                                                                                          APIs
                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05941523
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false

                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 02BAAF1D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 823142352-0
                                                                                                          APIs
                                                                                                          • GetExitCodeProcess.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BABE6C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CodeExitProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 3861947596-0
                                                                                                          APIs
                                                                                                          • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 05942EB9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Create
                                                                                                          • String ID:
                                                                                                          • API String ID: 2289755597-0
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAA40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0
                                                                                                          APIs
                                                                                                          • GetProcessTimes.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05941B35
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProcessTimes
                                                                                                          • String ID:
                                                                                                          • API String ID: 1995159646-0
                                                                                                          APIs
                                                                                                          • GetProcessWorkingSetSize.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 059431F7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProcessSizeWorking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3584180929-0
                                                                                                          APIs
                                                                                                          • getaddrinfo.WS2_32(?,00000E24), ref: 05941C67
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: getaddrinfo
                                                                                                          • String ID:
                                                                                                          • API String ID: 300660673-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: select
                                                                                                          • String ID:
                                                                                                          • API String ID: 1274211008-0
                                                                                                          APIs
                                                                                                          • GetFileType.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAB009
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileType
                                                                                                          • String ID:
                                                                                                          • API String ID: 3081899298-0
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAA4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileView
                                                                                                          • String ID:
                                                                                                          • API String ID: 3314676101-0
                                                                                                          APIs
                                                                                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 059410F2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Socket
                                                                                                          • String ID:
                                                                                                          • API String ID: 38366605-0
                                                                                                          APIs
                                                                                                          • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 02BAAF1D
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 823142352-0
                                                                                                          APIs
                                                                                                          • ReadFile.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAB389
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05941438
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 05941523
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • K32EnumProcesses.KERNEL32(?,?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 0594013E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 02BAABD1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • SetProcessWorkingSetSize.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 059432DB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNEL32(?,?), ref: 02BAA6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • shutdown.WS2_32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 0594195C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 02BABA6A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAA40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • ioctlsocket.WS2_32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05943047
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNEL32(?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAC97
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • WSASocketW.WS2_32(?,?,?,?,?), ref: 059410F2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05941DEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          APIs
                                                                                                          • LoadLibraryA.KERNEL32(?,00000E24), ref: 05942193
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAA4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05941438
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0
                                                                                                          APIs
                                                                                                          • CopyFileW.KERNEL32(?,?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAE1E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0
                                                                                                          APIs
                                                                                                          • GetProcessTimes.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05941B35
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProcessTimes
                                                                                                          • String ID:
                                                                                                          • API String ID: 1995159646-0
                                                                                                          APIs
                                                                                                          • GetProcessWorkingSetSize.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 059431F7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProcessSizeWorking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3584180929-0
                                                                                                          APIs
                                                                                                          • SetProcessWorkingSetSize.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 059432DB
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ProcessSizeWorking
                                                                                                          • String ID:
                                                                                                          • API String ID: 3584180929-0
                                                                                                          APIs
                                                                                                          • GetExitCodeProcess.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BABE6C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CodeExitProcess
                                                                                                          • String ID:
                                                                                                          • API String ID: 3861947596-0
                                                                                                          APIs
                                                                                                          • ReadFile.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAB389
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileRead
                                                                                                          • String ID:
                                                                                                          • API String ID: 2738559852-0
                                                                                                          APIs
                                                                                                          • ioctlsocket.WS2_32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 05943047
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ioctlsocket
                                                                                                          • String ID:
                                                                                                          • API String ID: 3577187118-0
                                                                                                          APIs
                                                                                                          • shutdown.WS2_32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 0594195C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: shutdown
                                                                                                          • String ID:
                                                                                                          • API String ID: 2510479042-0
                                                                                                          APIs
                                                                                                          • CoGetObjectContext.COMBASE(?,?), ref: 059420C7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 3343934925-0
                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAA330
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorMode
                                                                                                          • String ID:
                                                                                                          • API String ID: 2340568224-0
                                                                                                          APIs
                                                                                                          • LoadLibraryA.KERNEL32(?,00000E24), ref: 05942193
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LibraryLoad
                                                                                                          • String ID:
                                                                                                          • API String ID: 1029625771-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 059404B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: select
                                                                                                          • String ID:
                                                                                                          • API String ID: 1274211008-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: send
                                                                                                          • String ID:
                                                                                                          • API String ID: 2809346765-0
                                                                                                          APIs
                                                                                                          • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 02BABA6A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: LookupPrivilegeValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3899507212-0
                                                                                                          APIs
                                                                                                          • CopyFileW.KERNEL32(?,?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAE1E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CopyFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 1304948518-0
                                                                                                          APIs
                                                                                                          • GetFileType.KERNEL32(?,00000E24,35C9D1D0,00000000,00000000,00000000,00000000), ref: 02BAB009
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: FileType
                                                                                                          • String ID:
                                                                                                          • API String ID: 3081899298-0
                                                                                                          APIs
                                                                                                          • FindClose.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAB1FC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseFind
                                                                                                          • String ID:
                                                                                                          • API String ID: 1863332320-0
                                                                                                          APIs
                                                                                                          • WaitForInputIdle.USER32(?,?), ref: 02BAAA3B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: IdleInputWait
                                                                                                          • String ID:
                                                                                                          • API String ID: 2200289081-0
                                                                                                          APIs
                                                                                                          • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 05941DEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Connect
                                                                                                          • String ID:
                                                                                                          • API String ID: 3144859779-0
                                                                                                          APIs
                                                                                                          • K32EnumProcesses.KERNEL32(?,?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 0594013E
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: EnumProcesses
                                                                                                          • String ID:
                                                                                                          • API String ID: 84517404-0
                                                                                                          APIs
                                                                                                          • SetFileAttributesW.KERNEL32(?,?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAC97
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: AttributesFile
                                                                                                          • String ID:
                                                                                                          • API String ID: 3188754299-0
                                                                                                          APIs
                                                                                                          • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 05941EEE
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: InformationVolume
                                                                                                          • String ID:
                                                                                                          • API String ID: 2039140958-0
                                                                                                          APIs
                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 059404B6
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: DuplicateHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 3793708945-0
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 0594103A
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0
                                                                                                          APIs
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: send
                                                                                                          • String ID:
                                                                                                          • API String ID: 2809346765-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          APIs
                                                                                                          • WaitForInputIdle.USER32(?,?), ref: 02BAAA3B
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: IdleInputWait
                                                                                                          • String ID:
                                                                                                          • API String ID: 2200289081-0
                                                                                                          APIs
                                                                                                          • FindClose.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAB1FC
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseFind
                                                                                                          • String ID:
                                                                                                          • API String ID: 1863332320-0
                                                                                                          APIs
                                                                                                          • CoGetObjectContext.COMBASE(?,?), ref: 059420C7
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557897335.0000000005940000.00000040.00000800.00020000.00000000.sdmp, Offset: 05940000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5940000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ContextObject
                                                                                                          • String ID:
                                                                                                          • API String ID: 3343934925-0
                                                                                                          APIs
                                                                                                          • SetErrorMode.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAA330
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: ErrorMode
                                                                                                          • String ID:
                                                                                                          • API String ID: 2340568224-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: :@hk
                                                                                                          • API String ID: 0-3104576358
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BABCA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAA780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAAE0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [fi^
                                                                                                          • API String ID: 0-3750854875
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BABCA4
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAA780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNEL32(?,35C9D1D0,00000000,?,?,?,?,?,?,?,?,6C223C58), ref: 02BAAAE0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554713291.0000000002BAA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BAA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2baa000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 75ea0188cfcc36b4d2f0813582a2a5cec9504ad1d3a8b2adbb6cef35de224da5
                                                                                                          • Instruction ID: fca8bd363b062e8c8356520007fd635504a0a79798cfe2952d7c847828731658
                                                                                                          • Opcode Fuzzy Hash: 75ea0188cfcc36b4d2f0813582a2a5cec9504ad1d3a8b2adbb6cef35de224da5
                                                                                                          • Instruction Fuzzy Hash: 1B11E739F042149BCB55EA75D801BFEB7F7BF88300F14857AD501AB280EA749D008BA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554990185.0000000002C01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2c01000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 003d4a67e74f61a5267a93cf249c49998e43c6b09d6e555fdcbe2ced51fad319
                                                                                                          • Instruction ID: 61948693d71ac43e2d5dc4fef98aed1c3eb98eefb5305ab11017f0db1556ef92
                                                                                                          • Opcode Fuzzy Hash: 003d4a67e74f61a5267a93cf249c49998e43c6b09d6e555fdcbe2ced51fad319
                                                                                                          • Instruction Fuzzy Hash: 4D211B3114D3C08FCB178B60D994B55BFB5AB87218F1985DED4888B5A3C26A8916CB52
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f851299d19ed66887a512b74a6d7dd309653df338aa8a682a7e049f9b184e6d2
                                                                                                          • Instruction ID: 901039502fe3f94ace36ee1e2ff42d60026f215ef80c745a22df7b8c3fc16833
                                                                                                          • Opcode Fuzzy Hash: f851299d19ed66887a512b74a6d7dd309653df338aa8a682a7e049f9b184e6d2
                                                                                                          • Instruction Fuzzy Hash: 0D215B35B110148FCB04DBBCE4589AD73F3FF98218B1081A9E80AAB365CF759C46CBA1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: f5eac5c2f23b4bdd9769ed8c47cb76b35e9b242801a21a71a07ad0a7901ab338
                                                                                                          • Instruction ID: 33122d6db303a9f455a3cb8500e7fdf0b7446b525a97ccafbbf719969ff077c1
                                                                                                          • Opcode Fuzzy Hash: f5eac5c2f23b4bdd9769ed8c47cb76b35e9b242801a21a71a07ad0a7901ab338
                                                                                                          • Instruction Fuzzy Hash: D811DC35B012108FCB14DF79E4486AD77E2EF94218B6584AEE019DB3C2EF79D852CB20
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 69427dec031b2532d08322ccab40afb4070b14b4893abed55b7f570beed791ca
                                                                                                          • Instruction ID: 9cd285925bed0c7063dccc0f255c11cea57743b4e4cf7d82243bcd81c00d2fe6
                                                                                                          • Opcode Fuzzy Hash: 69427dec031b2532d08322ccab40afb4070b14b4893abed55b7f570beed791ca
                                                                                                          • Instruction Fuzzy Hash: 6E213835702300CFCB09DB78F45856D33A2FB9924871544ADD906973A1DF7EAC52CB91
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557991789.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5d50000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: ad3bda86e143e74f7c2e5b7ee459df717c7923541976737f77a7001041b65c24
                                                                                                          • Instruction ID: 79336c8ffef3e1482bc0113e22af004904d917515ba145c1c8285815dfda0ff5
                                                                                                          • Opcode Fuzzy Hash: ad3bda86e143e74f7c2e5b7ee459df717c7923541976737f77a7001041b65c24
                                                                                                          • Instruction Fuzzy Hash: 6C11B7B5908341AFD340CF19D881A5BFBE4FB88664F04896EF998D7311D235E9188FA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554990185.0000000002C01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2c01000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 762da46029d19b7b0fef0db1243fa06564232f0f49718f8b172257b0cc0094a6
                                                                                                          • Instruction ID: 8f68bbc6865fbe19776e538606383732881ecfe468d102174e19a0860343a32b
                                                                                                          • Opcode Fuzzy Hash: 762da46029d19b7b0fef0db1243fa06564232f0f49718f8b172257b0cc0094a6
                                                                                                          • Instruction Fuzzy Hash: 5B11A2312042849FD715CB51D980F26FBA5EBC9718F28C9ACE94D4BB92C7BBD843CA51
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 7f7275c6fd272865d138ea8685a3fbb4b70f54241f90867e8fb6d889443339be
                                                                                                          • Instruction ID: e50a27ba28c459e43bf187467cc01428fa23d0b295334fca1185fc2bf91d7bcf
                                                                                                          • Opcode Fuzzy Hash: 7f7275c6fd272865d138ea8685a3fbb4b70f54241f90867e8fb6d889443339be
                                                                                                          • Instruction Fuzzy Hash: 1A110877F082044AEF00DA79C984AFF77A7EF84314F0A4076E905A7388DBB18945A661
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: c25e97cc5d79db7ed2f8973c23e373e08a3715b6324291e0153ff7129729218a
                                                                                                          • Instruction ID: 473fb6f0d5d19eb354f08c15e1e8ac8af437699f47447e7c9edf57127b85c9eb
                                                                                                          • Opcode Fuzzy Hash: c25e97cc5d79db7ed2f8973c23e373e08a3715b6324291e0153ff7129729218a
                                                                                                          • Instruction Fuzzy Hash: 7001E133E041189A8F01EAB498489EE77E5EF54254B4505AAE800FB205EB69EE0587B1
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: eb0324ce3474700ea43a6d78edb5f738796cc65672bf37b526abd1122b7cdba7
                                                                                                          • Instruction ID: f9ba21e05997518c2cf72a2e4f61bf9455841c0832a9ed8443a3b553503f0018
                                                                                                          • Opcode Fuzzy Hash: eb0324ce3474700ea43a6d78edb5f738796cc65672bf37b526abd1122b7cdba7
                                                                                                          • Instruction Fuzzy Hash: 27111272D1110CAFCB05DFE9E8858DEBBF9EF88210F148166E505F7210EB70A905CBA0
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554782254.0000000002BBA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BBA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2bba000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 44c90d54a18cfba0e8f1f4f82d8196b5243b6a82578abaf305a2c9e88ad03afe
                                                                                                          • Instruction ID: b785228f46e44402f94d09cdf0a7fd4b79731c3c60561205285ba740731fe639
                                                                                                          • Opcode Fuzzy Hash: 44c90d54a18cfba0e8f1f4f82d8196b5243b6a82578abaf305a2c9e88ad03afe
                                                                                                          • Instruction Fuzzy Hash: 4C11E8B5908305AFD350CF09D840E5BFBE8EB88660F04891EFD5897311D235E9088FA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557991789.0000000005D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05D50000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_5d50000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8f393338bb64600f9c468943d25ea8fd9e372c01d71de68e8b938f54528f0636
                                                                                                          • Instruction ID: 114ab198aa70e607b57f4f990da85d0f562a80fe6bc450d88d20ea77d04a617d
                                                                                                          • Opcode Fuzzy Hash: 8f393338bb64600f9c468943d25ea8fd9e372c01d71de68e8b938f54528f0636
                                                                                                          • Instruction Fuzzy Hash: 3E11E8B5908305AFD750CF09D880E5BFBE8EB88660F04891EFD5997311D235E9088FA2
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 8dc89193072900f75bdb6a161b98ab4816f50ae62b21a70d40db06478c2ea955
                                                                                                          • Instruction ID: 30cbc3236884ee79bcbfb00d7715c9770b706ba35965001908f046cf15a074d7
                                                                                                          • Opcode Fuzzy Hash: 8dc89193072900f75bdb6a161b98ab4816f50ae62b21a70d40db06478c2ea955
                                                                                                          • Instruction Fuzzy Hash: FC116D31F01218CF8B54DFBCA8455AE77F6EB8925472444BEC80AE7350EB358D12CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_54a0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: 3fbc5705eb4687524d424b48e185fd27a9868fdb3e5831e38f5451782b10acab
                                                                                                          • Instruction ID: eefe294b30ac3e90167beb3e464f6a3a725dabf29331dead9add184a3d7e791c
                                                                                                          • Opcode Fuzzy Hash: 3fbc5705eb4687524d424b48e185fd27a9868fdb3e5831e38f5451782b10acab
                                                                                                          • Instruction Fuzzy Hash: C2014C71F01218CF8B54EBBDA8455AEB7F6EB89254B20447EC809E7350EB369D12CB90
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4554990185.0000000002C01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_4_2_2c01000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          • Opcode ID: a639ca129c22fb2a73dcb9385576bb39a0247fd88edb06f35e7c0d9fb4032d44
                                                                                                          • Instruction ID: 934af7e080bdb9e469c5e7a57c615e34a7f1b5e3c6a19e60a0b79670dfc5cdec
                                                                                                          • Opcode Fuzzy Hash: a639ca129c22fb2a73dcb9385576bb39a0247fd88edb06f35e7c0d9fb4032d44
                                                                                                          • Instruction Fuzzy Hash: 3D018BB65093845FD7118F169C40862FFF8DF4663070984DFED498BA52D2696808CB71
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 00000004.00000002.4557569816.00000000054A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054A0000, based on PE: false

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:10.4%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:12
                                                                                                          Total number of Limit Nodes:0
                                                                                                          execution_graph 596 158a361 597 158a392 RegQueryValueExW 596->597 599 158a41b 597->599 592 158a612 594 158a646 CreateMutexW 592->594 595 158a6c1 594->595 600 158a462 602 158a486 RegSetValueExW 600->602 603 158a507 602->603 584 158a646 585 158a67e CreateMutexW 584->585 587 158a6c1 585->587

                                                                                                          Callgraph

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 0 158a612-158a695 4 158a69a-158a6a3 0->4 5 158a697 0->5 6 158a6a8-158a6b1 4->6 7 158a6a5 4->7 5->4 8 158a702-158a707 6->8 9 158a6b3-158a6d7 CreateMutexW 6->9 7->6 8->9 12 158a709-158a70e 9->12 13 158a6d9-158a6ff 9->13 12->13
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0158A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 16 158a361-158a3cf 19 158a3d1 16->19 20 158a3d4-158a3dd 16->20 19->20 21 158a3df 20->21 22 158a3e2-158a3e8 20->22 21->22 23 158a3ea 22->23 24 158a3ed-158a404 22->24 23->24 26 158a43b-158a440 24->26 27 158a406-158a419 RegQueryValueExW 24->27 26->27 28 158a41b-158a438 27->28 29 158a442-158a447 27->29 29->28
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,B6A7AFF4,00000000,00000000,00000000,00000000), ref: 0158A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 33 158a462-158a4c3 36 158a4c8-158a4d4 33->36 37 158a4c5 33->37 38 158a4d9-158a4f0 36->38 39 158a4d6 36->39 37->36 41 158a4f2-158a505 RegSetValueExW 38->41 42 158a527-158a52c 38->42 39->38 43 158a52e-158a533 41->43 44 158a507-158a524 41->44 42->41 43->44
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,B6A7AFF4,00000000,00000000,00000000,00000000), ref: 0158A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 48 158a646-158a695 51 158a69a-158a6a3 48->51 52 158a697 48->52 53 158a6a8-158a6b1 51->53 54 158a6a5 51->54 52->51 55 158a702-158a707 53->55 56 158a6b3-158a6bb CreateMutexW 53->56 54->53 55->56 58 158a6c1-158a6d7 56->58 59 158a709-158a70e 58->59 60 158a6d9-158a6ff 58->60 59->60
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 0158A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 63 158a392-158a3cf 65 158a3d1 63->65 66 158a3d4-158a3dd 63->66 65->66 67 158a3df 66->67 68 158a3e2-158a3e8 66->68 67->68 69 158a3ea 68->69 70 158a3ed-158a404 68->70 69->70 72 158a43b-158a440 70->72 73 158a406-158a419 RegQueryValueExW 70->73 72->73 74 158a41b-158a438 73->74 75 158a442-158a447 73->75 75->74
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,B6A7AFF4,00000000,00000000,00000000,00000000), ref: 0158A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 79 158a486-158a4c3 81 158a4c8-158a4d4 79->81 82 158a4c5 79->82 83 158a4d9-158a4f0 81->83 84 158a4d6 81->84 82->81 86 158a4f2-158a505 RegSetValueExW 83->86 87 158a527-158a52c 83->87 84->83 88 158a52e-158a533 86->88 89 158a507-158a524 86->89 87->86 88->89
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,B6A7AFF4,00000000,00000000,00000000,00000000), ref: 0158A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365800492.000000000158A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0158A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_158a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 93 5920310-5920334 95 5920336-5920338 93->95 96 592033e-5920346 93->96 95->96 97 5920348-592034d 96->97 98 592034e-5920391 96->98 101 5920393-59203bb 98->101 102 59203d8-59203ff 98->102 107 59203ce 101->107 108 592040a-5920418 102->108 107->102 109 592041a 108->109 110 592041f-5920434 108->110 109->110 112 5920436-5920460 110->112 113 592046b-5920523 110->113 112->113 132 5920570-5920587 113->132 133 5920525-5920569 113->133 134 5920880 132->134 135 592058d-59205bf 132->135 133->132 135->134
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366379259.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5920000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 146 59203bd-5920418 154 592041a 146->154 155 592041f-5920434 146->155 154->155 157 5920436-5920460 155->157 158 592046b-5920523 155->158 157->158 177 5920570-5920587 158->177 178 5920525-5920569 158->178 179 5920880 177->179 180 592058d-59205bf 177->180 178->177 180->179
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366379259.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5920000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 5920080-59200ad 194 59200b8-59202f9 191->194
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366379259.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5920000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 232 320104b-320106b 233 320106e-3201088 232->233 234 320108e-32010ab 233->234
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366139691.0000000003201000.00000040.00000020.00020000.00000000.sdmp, Offset: 03201000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_3201000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 235 5920006-5920076
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366379259.0000000005920000.00000040.00000800.00020000.00000000.sdmp, Offset: 05920000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_5920000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 236 320106e-3201088 237 320108e-32010ab 236->237
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2366139691.0000000003201000.00000040.00000020.00020000.00000000.sdmp, Offset: 03201000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_3201000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 238 15823f4-15823ff 239 1582401-158240e 238->239 240 1582412-1582417 238->240 239->240 241 1582419 240->241 242 158241a 240->242 243 1582420-1582421 242->243
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365785459.0000000001582000.00000040.00000800.00020000.00000000.sdmp, Offset: 01582000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1582000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 244 15823bc-15823c3 245 15823c5-15823d2 244->245 246 15823d6-15823db 244->246 245->246 247 15823dd-15823e0 246->247 248 15823e1 246->248 249 15823e7-15823e8 248->249
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000A.00000002.2365785459.0000000001582000.00000040.00000800.00020000.00000000.sdmp, Offset: 01582000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_10_2_1582000_svchost.jbxd

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:17.9%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:19
                                                                                                          Total number of Limit Nodes:1
                                                                                                          execution_graph 591 2c1a361 593 2c1a392 RegQueryValueExW 591->593 594 2c1a41b 593->594 583 2c1a710 584 2c1a74e CloseHandle 583->584 586 2c1a788 584->586 587 2c1a612 589 2c1a646 CreateMutexW 587->589 590 2c1a6c1 589->590 595 2c1a462 597 2c1a486 RegSetValueExW 595->597 598 2c1a507 597->598 571 2c1a646 573 2c1a67e CreateMutexW 571->573 574 2c1a6c1 573->574 579 2c1a74e 580 2c1a7b9 579->580 581 2c1a77a CloseHandle 579->581 580->581 582 2c1a788 581->582

                                                                                                          Callgraph

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 0 551035d-5510391 2 5510393-55103ce 0->2 3 55103d8-5510418 0->3 2->3 10 551041a 3->10 11 551041f-5510434 3->11 10->11 13 5510436-5510460 11->13 14 551046b-5510523 11->14 13->14 33 5510570-5510587 14->33 34 5510525-5510569 14->34 35 5510880 33->35 36 551058d-55105bf 33->36 34->33 36->35
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [_i^$-[_i^$=[_i^
                                                                                                          • API String ID: 0-1094846625

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 47 5510368-5510391 49 5510393-55103ce 47->49 50 55103d8-5510418 47->50 49->50 57 551041a 50->57 58 551041f-5510434 50->58 57->58 60 5510436-5510460 58->60 61 551046b-5510523 58->61 60->61 80 5510570-5510587 61->80 81 5510525-5510569 61->81 82 5510880 80->82 83 551058d-55105bf 80->83 81->80 83->82
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [_i^$-[_i^$=[_i^
                                                                                                          • API String ID: 0-1094846625

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 94 551031c-5510418 103 551041a 94->103 104 551041f-5510434 94->104 103->104 106 5510436-5510460 104->106 107 551046b-5510523 104->107 106->107 126 5510570-5510587 107->126 127 5510525-5510569 107->127 128 5510880 126->128 129 551058d-55105bf 126->129 127->126 129->128
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [_i^$-[_i^$=[_i^
                                                                                                          • API String ID: 0-1094846625

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 140 55103bd-5510418 148 551041a 140->148 149 551041f-5510434 140->149 148->149 151 5510436-5510460 149->151 152 551046b-5510523 149->152 151->152 171 5510570-5510587 152->171 172 5510525-5510569 152->172 173 5510880 171->173 174 551058d-55105bf 171->174 172->171 174->173
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [_i^$-[_i^$=[_i^
                                                                                                          • API String ID: 0-1094846625

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 185 2c1a612-2c1a695 189 2c1a697 185->189 190 2c1a69a-2c1a6a3 185->190 189->190 191 2c1a6a5 190->191 192 2c1a6a8-2c1a6b1 190->192 191->192 193 2c1a6b3-2c1a6d7 CreateMutexW 192->193 194 2c1a702-2c1a707 192->194 197 2c1a709-2c1a70e 193->197 198 2c1a6d9-2c1a6ff 193->198 194->193 197->198
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 02C1A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 201 2c1a361-2c1a3cf 204 2c1a3d1 201->204 205 2c1a3d4-2c1a3dd 201->205 204->205 206 2c1a3e2-2c1a3e8 205->206 207 2c1a3df 205->207 208 2c1a3ea 206->208 209 2c1a3ed-2c1a404 206->209 207->206 208->209 211 2c1a406-2c1a419 RegQueryValueExW 209->211 212 2c1a43b-2c1a440 209->212 213 2c1a442-2c1a447 211->213 214 2c1a41b-2c1a438 211->214 212->211 213->214
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,D2193ED6,00000000,00000000,00000000,00000000), ref: 02C1A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 218 2c1a462-2c1a4c3 221 2c1a4c5 218->221 222 2c1a4c8-2c1a4d4 218->222 221->222 223 2c1a4d6 222->223 224 2c1a4d9-2c1a4f0 222->224 223->224 226 2c1a4f2-2c1a505 RegSetValueExW 224->226 227 2c1a527-2c1a52c 224->227 228 2c1a507-2c1a524 226->228 229 2c1a52e-2c1a533 226->229 227->226 229->228
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,D2193ED6,00000000,00000000,00000000,00000000), ref: 02C1A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 233 2c1a646-2c1a695 236 2c1a697 233->236 237 2c1a69a-2c1a6a3 233->237 236->237 238 2c1a6a5 237->238 239 2c1a6a8-2c1a6b1 237->239 238->239 240 2c1a6b3-2c1a6bb CreateMutexW 239->240 241 2c1a702-2c1a707 239->241 242 2c1a6c1-2c1a6d7 240->242 241->240 244 2c1a709-2c1a70e 242->244 245 2c1a6d9-2c1a6ff 242->245 244->245
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 02C1A6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 248 2c1a392-2c1a3cf 250 2c1a3d1 248->250 251 2c1a3d4-2c1a3dd 248->251 250->251 252 2c1a3e2-2c1a3e8 251->252 253 2c1a3df 251->253 254 2c1a3ea 252->254 255 2c1a3ed-2c1a404 252->255 253->252 254->255 257 2c1a406-2c1a419 RegQueryValueExW 255->257 258 2c1a43b-2c1a440 255->258 259 2c1a442-2c1a447 257->259 260 2c1a41b-2c1a438 257->260 258->257 259->260
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,D2193ED6,00000000,00000000,00000000,00000000), ref: 02C1A40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 264 2c1a486-2c1a4c3 266 2c1a4c5 264->266 267 2c1a4c8-2c1a4d4 264->267 266->267 268 2c1a4d6 267->268 269 2c1a4d9-2c1a4f0 267->269 268->269 271 2c1a4f2-2c1a505 RegSetValueExW 269->271 272 2c1a527-2c1a52c 269->272 273 2c1a507-2c1a524 271->273 274 2c1a52e-2c1a533 271->274 272->271 274->273
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,D2193ED6,00000000,00000000,00000000,00000000), ref: 02C1A4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          control_flow_graph 278 2c1a710-2c1a778 280 2c1a7b9-2c1a7be 278->280 281 2c1a77a-2c1a79a CloseHandle 278->281 280->281 284 2c1a7c0-2c1a7c5 281->284 285 2c1a79c-2c1a7b8 281->285 284->285
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNELBASE(?), ref: 02C1A780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 287 2c1a74e-2c1a778 288 2c1a7b9-2c1a7be 287->288 289 2c1a77a-2c1a782 CloseHandle 287->289 288->289 290 2c1a788-2c1a79a 289->290 292 2c1a7c0-2c1a7c5 290->292 293 2c1a79c-2c1a7b8 290->293 292->293
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNELBASE(?), ref: 02C1A780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447288905.0000000002C1A000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C1A000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c1a000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 295 5510080-55100ad 298 55100b8-55102f9 295->298
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 336 2e01048-2e01088 338 2e0108e-2e010ab 336->338
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447594787.0000000002E01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E01000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2e01000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 339 2e0106e-2e01088 340 2e0108e-2e010ab 339->340
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447594787.0000000002E01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02E01000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2e01000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447268381.0000000002C12000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C12000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c12000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447268381.0000000002C12000.00000040.00000800.00020000.00000000.sdmp, Offset: 02C12000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_2c12000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000B.00000002.2447826430.0000000005510000.00000040.00000800.00020000.00000000.sdmp, Offset: 05510000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_11_2_5510000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID:
                                                                                                          • API String ID:

                                                                                                          Execution Graph

                                                                                                          Execution Coverage:19%
                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                          Signature Coverage:0%
                                                                                                          Total number of Nodes:19
                                                                                                          Total number of Limit Nodes:1
                                                                                                          execution_graph 576 2fda74e 577 2fda7b9 576->577 578 2fda77a CloseHandle 576->578 577->578 579 2fda788 578->579 580 2fda646 581 2fda67e CreateMutexW 580->581 583 2fda6c1 581->583 592 2fda361 593 2fda392 RegQueryValueExW 592->593 595 2fda41b 593->595 600 2fda710 602 2fda74e CloseHandle 600->602 603 2fda788 602->603 596 2fda462 598 2fda486 RegSetValueExW 596->598 599 2fda507 598->599 604 2fda612 605 2fda646 CreateMutexW 604->605 607 2fda6c1 605->607

                                                                                                          Callgraph

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 0 58d0310-58d0334 2 58d033e-58d0346 0->2 3 58d0336-58d0338 0->3 4 58d034e-58d0391 2->4 5 58d0348-58d034d 2->5 3->2 8 58d03d8-58d0418 4->8 9 58d0393-58d03ce 4->9 16 58d041f-58d0434 8->16 17 58d041a 8->17 9->8 19 58d046b-58d0523 16->19 20 58d0436-58d0460 16->20 17->16 39 58d0525-58d0569 19->39 40 58d0570-58d0587 19->40 20->19 39->40 41 58d058d-58d05bf 40->41 42 58d0880 40->42 41->42
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529992277.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_58d0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [#i^$-[#i^$=[#i^
                                                                                                          • API String ID: 0-573514472

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 53 58d03bd-58d0418 61 58d041f-58d0434 53->61 62 58d041a 53->62 64 58d046b-58d0523 61->64 65 58d0436-58d0460 61->65 62->61 84 58d0525-58d0569 64->84 85 58d0570-58d0587 64->85 65->64 84->85 86 58d058d-58d05bf 85->86 87 58d0880 85->87 86->87
                                                                                                          Strings
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529992277.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_58d0000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID:
                                                                                                          • String ID: [#i^$-[#i^$=[#i^
                                                                                                          • API String ID: 0-573514472

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 98 2fda612-2fda695 102 2fda69a-2fda6a3 98->102 103 2fda697 98->103 104 2fda6a8-2fda6b1 102->104 105 2fda6a5 102->105 103->102 106 2fda6b3-2fda6d7 CreateMutexW 104->106 107 2fda702-2fda707 104->107 105->104 110 2fda709-2fda70e 106->110 111 2fda6d9-2fda6ff 106->111 107->106 110->111
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 02FDA6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 114 2fda361-2fda3cf 117 2fda3d4-2fda3dd 114->117 118 2fda3d1 114->118 119 2fda3df 117->119 120 2fda3e2-2fda3e8 117->120 118->117 119->120 121 2fda3ed-2fda404 120->121 122 2fda3ea 120->122 124 2fda43b-2fda440 121->124 125 2fda406-2fda419 RegQueryValueExW 121->125 122->121 124->125 126 2fda41b-2fda438 125->126 127 2fda442-2fda447 125->127 127->126
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,F8DD846F,00000000,00000000,00000000,00000000), ref: 02FDA40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 131 2fda462-2fda4c3 134 2fda4c8-2fda4d4 131->134 135 2fda4c5 131->135 136 2fda4d9-2fda4f0 134->136 137 2fda4d6 134->137 135->134 139 2fda527-2fda52c 136->139 140 2fda4f2-2fda505 RegSetValueExW 136->140 137->136 139->140 141 2fda52e-2fda533 140->141 142 2fda507-2fda524 140->142 141->142
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,F8DD846F,00000000,00000000,00000000,00000000), ref: 02FDA4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 146 2fda646-2fda695 149 2fda69a-2fda6a3 146->149 150 2fda697 146->150 151 2fda6a8-2fda6b1 149->151 152 2fda6a5 149->152 150->149 153 2fda6b3-2fda6bb CreateMutexW 151->153 154 2fda702-2fda707 151->154 152->151 155 2fda6c1-2fda6d7 153->155 154->153 157 2fda709-2fda70e 155->157 158 2fda6d9-2fda6ff 155->158 157->158
                                                                                                          APIs
                                                                                                          • CreateMutexW.KERNELBASE(?,?), ref: 02FDA6B9
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CreateMutex
                                                                                                          • String ID:
                                                                                                          • API String ID: 1964310414-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 161 2fda392-2fda3cf 163 2fda3d4-2fda3dd 161->163 164 2fda3d1 161->164 165 2fda3df 163->165 166 2fda3e2-2fda3e8 163->166 164->163 165->166 167 2fda3ed-2fda404 166->167 168 2fda3ea 166->168 170 2fda43b-2fda440 167->170 171 2fda406-2fda419 RegQueryValueExW 167->171 168->167 170->171 172 2fda41b-2fda438 171->172 173 2fda442-2fda447 171->173 173->172
                                                                                                          APIs
                                                                                                          • RegQueryValueExW.KERNELBASE(?,00000E24,F8DD846F,00000000,00000000,00000000,00000000), ref: 02FDA40C
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: QueryValue
                                                                                                          • String ID:
                                                                                                          • API String ID: 3660427363-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 177 2fda486-2fda4c3 179 2fda4c8-2fda4d4 177->179 180 2fda4c5 177->180 181 2fda4d9-2fda4f0 179->181 182 2fda4d6 179->182 180->179 184 2fda527-2fda52c 181->184 185 2fda4f2-2fda505 RegSetValueExW 181->185 182->181 184->185 186 2fda52e-2fda533 185->186 187 2fda507-2fda524 185->187 186->187
                                                                                                          APIs
                                                                                                          • RegSetValueExW.KERNELBASE(?,00000E24,F8DD846F,00000000,00000000,00000000,00000000), ref: 02FDA4F8
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: Value
                                                                                                          • String ID:
                                                                                                          • API String ID: 3702945584-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 191 2fda710-2fda778 193 2fda7b9-2fda7be 191->193 194 2fda77a-2fda79a CloseHandle 191->194 193->194 197 2fda79c-2fda7b8 194->197 198 2fda7c0-2fda7c5 194->198 198->197
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNELBASE(?), ref: 02FDA780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 200 2fda74e-2fda778 201 2fda7b9-2fda7be 200->201 202 2fda77a-2fda782 CloseHandle 200->202 201->202 204 2fda788-2fda79a 202->204 205 2fda79c-2fda7b8 204->205 206 2fda7c0-2fda7c5 204->206 206->205
                                                                                                          APIs
                                                                                                          • CloseHandle.KERNELBASE(?), ref: 02FDA780
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529156465.0000000002FDA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FDA000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fda000_svchost.jbxd
                                                                                                          Similarity
                                                                                                          • API ID: CloseHandle
                                                                                                          • String ID:
                                                                                                          • API String ID: 2962429428-0

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 208 58d0080-58d00ad 211 58d00b8-58d02f9 208->211
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529992277.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_58d0000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 249 3001047-300104c 250 300104e 249->250 251 300104f-3001088 249->251 250->251 253 300108e-30010ab 251->253
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529304861.0000000003001000.00000040.00000020.00020000.00000000.sdmp, Offset: 03001000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_3001000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 254 58d0018-58d006a 256 58d0070 call 58d03bd 254->256 257 58d0070 call 3001047 254->257 258 58d0070 call 58d0301 254->258 259 58d0070 call 58d0310 254->259 260 58d0070 call 300106e 254->260 255 58d0076 256->255 257->255 258->255 259->255 260->255
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529992277.00000000058D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 058D0000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_58d0000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 261 300106e-3001088 262 300108e-30010ab 261->262
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529304861.0000000003001000.00000040.00000020.00020000.00000000.sdmp, Offset: 03001000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_3001000_svchost.jbxd

                                                                                                          Control-flow Graph

                                                                                                          • Executed
                                                                                                          • Not Executed
                                                                                                          control_flow_graph 263 2fd23f4-2fd23ff 264 2fd2401-2fd240e 263->264 265 2fd2412-2fd2417 263->265 264->265 266 2fd2419 265->266 267 2fd241a 265->267 268 2fd2420-2fd2421 267->268
                                                                                                          Memory Dump Source
                                                                                                          • Source File: 0000000C.00000002.2529139428.0000000002FD2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02FD2000, based on PE: false
                                                                                                          Joe Sandbox IDA Plugin
                                                                                                          • Snapshot File: hcaresult_12_2_2fd2000_svchost.jbxd