Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
build.exe

Overview

General Information

Sample name:build.exe
Analysis ID:1570969
MD5:dfefdd2e554fd23f3b87f68c3e0f9622
SHA1:8be107d3c7e0aba6346ccdac289e29e3a8127af2
SHA256:f47c2bb84ce619d0d69445b0a1dce760482f2dd508815ba2667bab5c3a3541e9
Tags:exeRedLineStealeruser-aachum
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected RedLine Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • build.exe (PID: 6508 cmdline: "C:\Users\user\Desktop\build.exe" MD5: DFEFDD2E554FD23F3B87F68C3E0F9622)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer

Malware Configuration

Threatname: RedLine

{"C2 url": ["78.70.235.238:1912"], "Bot Id": "l3monlogs", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
build.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security

    PCAP (Network Traffic)

    SourceRuleDescriptionAuthorStrings
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
      dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000000.1667956540.00000000001C2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
          00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              Process Memory Space: build.exe PID: 6508JoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Process Memory Space: build.exe PID: 6508JoeSecurity_RedLineYara detected RedLine StealerJoe Security

                  Unpacked PEs

                  SourceRuleDescriptionAuthorStrings
                  0.0.build.exe.1c0000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-08T15:05:58.077421+010020432341A Network Trojan was detected78.70.235.2381912192.168.2.449730TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-08T15:05:57.672919+010020432311A Network Trojan was detected192.168.2.44973078.70.235.2381912TCP
                    2024-12-08T15:06:03.136441+010020432311A Network Trojan was detected192.168.2.44973078.70.235.2381912TCP
                    2024-12-08T15:06:06.371336+010020432311A Network Trojan was detected192.168.2.44973078.70.235.2381912TCP
                    2024-12-08T15:06:06.805609+010020432311A Network Trojan was detected192.168.2.44973078.70.235.2381912TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-08T15:06:03.665319+010020460561A Network Trojan was detected78.70.235.2381912192.168.2.449730TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-08T15:05:57.672919+010020460451A Network Trojan was detected192.168.2.44973078.70.235.2381912TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: build.exeMalware Configuration Extractor: RedLine {"C2 url": ["78.70.235.238:1912"], "Bot Id": "l3monlogs", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
                    Multi AV Scanner detection for submitted file
                    Source: build.exeReversingLabs: Detection: 87%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                    Machine Learning detection for sample
                    Source: build.exeJoe Sandbox ML: detected
                    Source: build.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: build.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.4:49730 -> 78.70.235.238:1912
                    Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49730 -> 78.70.235.238:1912
                    Source: Network trafficSuricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 78.70.235.238:1912 -> 192.168.2.4:49730
                    Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 78.70.235.238:1912 -> 192.168.2.4:49730
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 78.70.235.238:1912
                    Source: global trafficTCP traffic: 192.168.2.4:49730 -> 78.70.235.238:1912
                    Source: Joe Sandbox ViewASN Name: TELIANET-SWEDENTeliaCompanySE TELIANET-SWEDENTeliaCompanySE
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: unknownTCP traffic detected without corresponding DNS query: 78.70.235.238
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                    Source: build.exe, 00000000.00000002.1784260335.00000000007CE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://purl.oen
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rmX
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000028F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                    Source: build.exe, 00000000.00000002.1785220407.00000000028F1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000028F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                    Source: build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: build.exeString found in binary or memory: https://api.ip.sb/ip
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                    Source: C:\Users\user\Desktop\build.exeCode function: 0_2_024DDC740_2_024DDC74
                    Source: build.exe, 00000000.00000000.1668000119.0000000000206000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSteanings.exe8 vs build.exe
                    Source: build.exe, 00000000.00000002.1784655916.00000000009AE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamefirefox.exe0 vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\000004B0\\OriginalFilename vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamechrome.exe< vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\040904B0\\OriginalFilename vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXE.MUID vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameIEXPLORE.EXED vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: $kq,\\StringFileInfo\\080904B0\\OriginalFilename vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.00000000028CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsedge.exe> vs build.exe
                    Source: build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs build.exe
                    Source: build.exeBinary or memory string: OriginalFilenameSteanings.exe8 vs build.exe
                    Source: build.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                    Source: C:\Users\user\Desktop\build.exeFile created: C:\Users\user\AppData\Local\SystemCacheJump to behavior
                    Source: C:\Users\user\Desktop\build.exeMutant created: NULL
                    Source: build.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: build.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                    Source: C:\Users\user\Desktop\build.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: build.exeReversingLabs: Detection: 87%
                    Source: C:\Users\user\Desktop\build.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: rstrtmgr.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\build.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                    Source: build.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: build.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: build.exeStatic PE information: 0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                    Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                    Source: C:\Users\user\Desktop\build.exeMemory allocated: 2490000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\build.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\build.exeMemory allocated: 2610000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\build.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeWindow / User API: threadDelayed 1203Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeWindow / User API: threadDelayed 2508Jump to behavior
                    Source: C:\Users\user\Desktop\build.exe TID: 3492Thread sleep time: -12912720851596678s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\build.exe TID: 6568Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\build.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: build.exe, 00000000.00000002.1784655916.00000000009E7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\build.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\build.exeMemory allocated: page read and write | page guardJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Users\user\Desktop\build.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\build.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                    Source: C:\Users\user\Desktop\build.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: build.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.build.exe.1c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1667956540.00000000001C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: build.exe PID: 6508, type: MEMORYSTR
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Tries to steal Crypto Currency Wallets
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                    Source: C:\Users\user\Desktop\build.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                    Source: Yara matchFile source: 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: build.exe PID: 6508, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected RedLine Stealer
                    Source: Yara matchFile source: dump.pcap, type: PCAP
                    Source: Yara matchFile source: build.exe, type: SAMPLE
                    Source: Yara matchFile source: 0.0.build.exe.1c0000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000000.1667956540.00000000001C2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: build.exe PID: 6508, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		221
                    Security Software Discovery                    		Remote Services1
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                    Disable or Modify Tools                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop Protocol2
                    Data from Local System                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                    Virtualization/Sandbox Evasion                    		Security Account Manager241
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Timestomp                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets113
                    System Information Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    build.exe88%ReversingLabsByteCode-MSIL.Trojan.RedLineStealz
                    build.exe100%Joe Sandbox ML

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://purl.oen0%Avira URL Cloudsafe
                    78.70.235.238:19120%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    78.70.235.238:1912true
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Textbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sctbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://duckduckgo.com/ac/?q=build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://tempuri.org/Entity/Id23ResponseDbuild.exe, 00000000.00000002.1785220407.00000000028F1000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinarybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://tempuri.org/Entity/Id12Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    http://tempuri.org/Entity/Id2Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/Entity/Id21Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrapbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://tempuri.org/Entity/Id9build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://tempuri.org/Entity/Id8build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://tempuri.org/Entity/Id5build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Preparebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://tempuri.org/Entity/Id4build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://tempuri.org/Entity/Id7build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://purl.oenbuild.exe, 00000000.00000002.1784260335.00000000007CE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://tempuri.org/Entity/Id6build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://tempuri.org/Entity/Id19Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issuebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/Abortedbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/faultbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsatbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://tempuri.org/Entity/Id15Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renewbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wscoor/Registerbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://tempuri.org/Entity/Id6Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://api.ip.sb/ipbuild.exefalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/scbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://tempuri.org/Entity/Id1ResponseDbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancelbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://tempuri.org/Entity/Id9Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://tempuri.org/Entity/Id20build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://tempuri.org/Entity/Id21build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://tempuri.org/Entity/Id22build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://tempuri.org/Entity/Id23build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://tempuri.org/Entity/Id24build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issuebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://tempuri.org/Entity/Id24Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.ecosia.org/newtab/build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://tempuri.org/Entity/Id1Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedbuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Replaybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegobuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binarybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingbuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Completionbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trustbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/Entity/Id10build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://tempuri.org/Entity/Id11build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://tempuri.org/Entity/Id12build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://tempuri.org/Entity/Id16Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancelbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://tempuri.org/Entity/Id13build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://tempuri.org/Entity/Id14build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://tempuri.org/Entity/Id15build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://tempuri.org/Entity/Id16build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/Noncebuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://tempuri.org/Entity/Id17build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://tempuri.org/Entity/Id18build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://tempuri.org/Entity/Id5Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://tempuri.org/Entity/Id19build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsbuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://tempuri.org/Entity/Id10Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/Renewbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://tempuri.org/Entity/Id8Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2006/02/addressingidentitybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/soap/envelope/build.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeybuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=build.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trustbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              https://duckduckgo.com/chrome_newtabSbuild.exe, 00000000.00000002.1785220407.0000000002C8D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollbackbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://tempuri.org/Entity/Id3ResponseDbuild.exe, 00000000.00000002.1785220407.00000000028F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://tempuri.org/Entity/Id23Responsebuild.exe, 00000000.00000002.1785220407.00000000026F1000.00000004.00000800.00020000.00000000.sdmp, build.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTbuild.exe, 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high

                                                                                                                                                                                                                        World Map of Contacted IPs

                                                                                                                                                                                                                        • No. of IPs < 25%
                                                                                                                                                                                                                        • 25% < No. of IPs < 50%
                                                                                                                                                                                                                        • 50% < No. of IPs < 75%
                                                                                                                                                                                                                        • 75% < No. of IPs

                                                                                                                                                                                                                        Public IPs

                                                                                                                                                                                                                        IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                        78.70.235.238
                                                                                                                                                                                                                        		unknownSweden
                                                                                                                                                                                                                        		3301TELIANET-SWEDENTeliaCompanySEtrue

                                                                                                                                                                                                                        General Information

                                                                                                                                                                                                                        Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                        Analysis ID:1570969
                                                                                                                                                                                                                        Start date and time:2024-12-08 15:05:03 +01:00
                                                                                                                                                                                                                        Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                        Overall analysis duration:0h 2m 19s
                                                                                                                                                                                                                        Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                        Report type:full
                                                                                                                                                                                                                        Cookbook file name:default.jbs
                                                                                                                                                                                                                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                        Number of analysed new started processes analysed:2
                                                                                                                                                                                                                        Number of new started drivers analysed:0
                                                                                                                                                                                                                        Number of existing processes analysed:0
                                                                                                                                                                                                                        Number of existing drivers analysed:0
                                                                                                                                                                                                                        Number of injected processes analysed:0
                                                                                                                                                                                                                        Technologies:
                                                                                                                                                                                                                        • HCA enabled
                                                                                                                                                                                                                        • EGA enabled
                                                                                                                                                                                                                        • AMSI enabled
                                                                                                                                                                                                                        Analysis Mode:default
                                                                                                                                                                                                                        Analysis stop reason:Timeout
                                                                                                                                                                                                                        Sample name:build.exe
                                                                                                                                                                                                                        Detection:MAL
                                                                                                                                                                                                                        Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                                                                                                        EGA Information:
                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                        HCA Information:
                                                                                                                                                                                                                        • Successful, ratio: 100%
                                                                                                                                                                                                                        • Number of executed functions: 14
                                                                                                                                                                                                                        • Number of non-executed functions: 1
                                                                                                                                                                                                                        Cookbook Comments:
                                                                                                                                                                                                                        • Found application associated with file extension: .exe
                                                                                                                                                                                                                        • Stop behavior analysis, all processes terminated

                                                                                                                                                                                                                        Warnings

                                                                                                                                                                                                                        • Exclude process from analysis (whitelisted): SIHClient.exe
                                                                                                                                                                                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
                                                                                                                                                                                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                        • VT rate limit hit for: build.exe

                                                                                                                                                                                                                        Simulations

                                                                                                                                                                                                                        Behavior and APIs

                                                                                                                                                                                                                        TimeTypeDescription
                                                                                                                                                                                                                        09:06:03API Interceptor21x Sleep call for process: build.exe modified

                                                                                                                                                                                                                        Joe Sandbox View / Context

                                                                                                                                                                                                                        IPs

                                                                                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                        78.70.235.238OXrZ6fj4Hq.exeGet hashmaliciousNeshta, Oski Stealer, StormKitty, SugarDump, Vidar, XWormBrowse
                                                                                                                                                                                                                          mgHpGWB37W.exeGet hashmaliciousRedLineBrowse

                                                                                                                                                                                                                            Domains

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            ASNs

                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                            TELIANET-SWEDENTeliaCompanySEmeerkat.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 90.230.133.78
                                                                                                                                                                                                                            meerkat.arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 147.13.236.157
                                                                                                                                                                                                                            jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 147.13.249.90
                                                                                                                                                                                                                            jmhgeojeri.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 2.252.178.113
                                                                                                                                                                                                                            akcqrfutuo.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 90.232.44.27
                                                                                                                                                                                                                            home.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                                                                                                                                                                                                                            • 2.251.105.70
                                                                                                                                                                                                                            home.arm.elfGet hashmaliciousMirai, GafgytBrowse
                                                                                                                                                                                                                            • 78.64.30.110
                                                                                                                                                                                                                            jew.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                            • 90.230.39.157
                                                                                                                                                                                                                            arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 95.193.59.249
                                                                                                                                                                                                                            jew.arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                            • 194.23.194.71

                                                                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Dropped Files

                                                                                                                                                                                                                            No context

                                                                                                                                                                                                                            Created / dropped Files

                                                                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\build.exe.log

                                                                                                                                                                                                                            Download File
                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\build.exe
                                                                                                                                                                                                                            File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3094
                                                                                                                                                                                                                            Entropy (8bit):5.33145931749415
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:Pq5qHwCYqh3oPtI6eqzxP0aymTqdqlq7qqjqcEZ5D:Pq5qHwCYqh3qtI6eqzxP0atTqdqlq7qV
                                                                                                                                                                                                                            MD5:3FD5C0634443FB2EF2796B9636159CB6
                                                                                                                                                                                                                            SHA1:366DDE94AEFCFFFAB8E03AD8B448E05D7489EB48
                                                                                                                                                                                                                            SHA-256:58307E94C67E2348F5A838DE4FF668983B38B7E9A3B1D61535D3A392814A57D6
                                                                                                                                                                                                                            SHA-512:8535E7C0777C6B0876936D84BDE2BDC59963CF0954D4E50D65808E6E806E8B131DF5DB8FA0E030FAE2702143A7C3A70698A2B9A80519C9E2FFC286A71F0B797C
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Reputation:high, very likely benign file
                                                                                                                                                                                                                            Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                                                                                                                                            Static File Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):5.081385717584516
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                            • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                            File name:build.exe
                                                                                                                                                                                                                            File size:307'712 bytes
                                                                                                                                                                                                                            MD5:dfefdd2e554fd23f3b87f68c3e0f9622
                                                                                                                                                                                                                            SHA1:8be107d3c7e0aba6346ccdac289e29e3a8127af2
                                                                                                                                                                                                                            SHA256:f47c2bb84ce619d0d69445b0a1dce760482f2dd508815ba2667bab5c3a3541e9
                                                                                                                                                                                                                            SHA512:8f11525da059c6aa655d5ad2c41f89ce535ebb7a2bd4d7ce197c2ea244f28947e2338b1f97378130179490e49fd73402ee3dcdc507901f48b41ce9acf79ca182
                                                                                                                                                                                                                            SSDEEP:3072:OcZqf7D34bp/0+mA6ky4mEQog8JB1fA0PuTVAtkxzr3RgeqiOL2bBOA:OcZqf7DIFnGfsB1fA0GTV8kZgL
                                                                                                                                                                                                                            TLSH:B2645A5833E8C910DA7F4775D861D67093B0BCA3A552E70B4FC4ACAB3D32740EA50AB6
                                                                                                                                                                                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....H(...............0.................. ... ....@.. ....................... ............@................................

                                                                                                                                                                                                                            File Icon

                                                                                                                                                                                                                            Icon Hash:4d8ea38d85a38e6d

                                                                                                                                                                                                                            Static PE Info

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Entrypoint:0x43029e
                                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                            DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                            Time Stamp:0xD22848DC [Tue Sep 23 12:17:32 2081 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                            Entrypoint Preview

                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                            jmp dword ptr [00402000h]
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al
                                                                                                                                                                                                                            add byte ptr [eax], al

                                                                                                                                                                                                                            Data Directories

                                                                                                                                                                                                                            NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x302480x53.text
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x320000x1c9c6.rsrc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x500000xc.reloc
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                            Sections

                                                                                                                                                                                                                            NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                            .text0x20000x2e2a40x2e4008459de5d2a039aedb931e431c84e7c3eFalse0.47478885135135135data6.18628062971852IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .rsrc0x320000x1c9c60x1ca00a8cf3f8ff27a4a736ba8fb433d91107fFalse0.2380765556768559data2.615031395625776IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                            .reloc0x500000xc0x200ad0a6b4525092f96ee7808055cdae654False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                            Resources

                                                                                                                                                                                                                            NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                            RT_ICON0x322200x3d04PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9934058898847631
                                                                                                                                                                                                                            RT_ICON0x35f240x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 2835 x 2835 px/m0.09013072282030049
                                                                                                                                                                                                                            RT_ICON0x4674c0x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384, resolution 2835 x 2835 px/m0.13905290505432216
                                                                                                                                                                                                                            RT_ICON0x4a9740x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216, resolution 2835 x 2835 px/m0.17033195020746889
                                                                                                                                                                                                                            RT_ICON0x4cf1c0x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m0.2045028142589118
                                                                                                                                                                                                                            RT_ICON0x4dfc40x468Device independent bitmap graphic, 16 x 32 x 32, image size 1024, resolution 2835 x 2835 px/m0.24645390070921985
                                                                                                                                                                                                                            RT_GROUP_ICON0x4e42c0x5adata0.7666666666666667
                                                                                                                                                                                                                            RT_VERSION0x4e4880x352data0.4447058823529412
                                                                                                                                                                                                                            RT_MANIFEST0x4e7dc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                            Imports

                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                            mscoree.dll_CorExeMain

                                                                                                                                                                                                                            Network Behavior

                                                                                                                                                                                                                            Suricata IDS Alerts

                                                                                                                                                                                                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                            2024-12-08T15:05:57.672919+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.44973078.70.235.2381912TCP
                                                                                                                                                                                                                            2024-12-08T15:05:57.672919+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.44973078.70.235.2381912TCP
                                                                                                                                                                                                                            2024-12-08T15:05:58.077421+01002043234ET MALWARE Redline Stealer TCP CnC - Id1Response178.70.235.2381912192.168.2.449730TCP
                                                                                                                                                                                                                            2024-12-08T15:06:03.136441+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.44973078.70.235.2381912TCP
                                                                                                                                                                                                                            2024-12-08T15:06:03.665319+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)178.70.235.2381912192.168.2.449730TCP
                                                                                                                                                                                                                            2024-12-08T15:06:06.371336+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.44973078.70.235.2381912TCP
                                                                                                                                                                                                                            2024-12-08T15:06:06.805609+01002043231ET MALWARE Redline Stealer TCP CnC Activity1192.168.2.44973078.70.235.2381912TCP

                                                                                                                                                                                                                            Network Port Distribution

                                                                                                                                                                                                                            TCP Packets

                                                                                                                                                                                                                            TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                            Dec 8, 2024 15:05:56.105886936 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:05:56.225562096 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:05:56.225661993 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:05:56.233915091 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:05:56.353198051 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:05:57.491250992 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:05:57.536016941 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:05:57.672919035 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:05:57.792361975 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:05:58.077420950 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:05:58.129720926 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.136440992 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.257009983 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546165943 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546184063 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546195030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546231031 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546232939 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.546277046 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.665318966 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:03.707859039 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.766613007 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886425018 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886436939 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886488914 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886511087 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886544943 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886598110 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886662006 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886672020 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886713028 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886797905 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886843920 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886907101 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886917114 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886925936 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886950016 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:04.886977911 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006081104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006165028 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006180048 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006238937 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006310940 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006321907 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006375074 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006473064 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006556034 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006808043 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006818056 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006897926 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006938934 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006992102 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.006995916 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.007006884 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.007065058 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.007118940 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.007344961 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.125674009 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.125745058 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.125803947 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.125910997 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126008987 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126064062 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126216888 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126276970 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126303911 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126358032 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126485109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126524925 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126539946 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126569986 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126611948 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126665115 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126709938 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126738071 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126751900 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126802921 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126888037 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126889944 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126899958 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126910925 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126945972 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.126959085 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127033949 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127043009 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127078056 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127084017 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127087116 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127103090 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127136946 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127155066 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127163887 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127207994 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127247095 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127257109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127306938 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127319098 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127343893 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127352953 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.127402067 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245491028 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245503902 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245544910 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245570898 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245621920 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245742083 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245750904 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245762110 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245781898 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245790958 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245805025 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245821953 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245831013 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245850086 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245874882 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245907068 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245915890 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245951891 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.245970011 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246112108 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246150970 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246160030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246212959 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246249914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246259928 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246354103 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246362925 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246397972 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246510029 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246517897 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246587038 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246598959 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246722937 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246793985 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246803999 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.246819019 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.247966051 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.247975111 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.247982979 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.247992039 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248002052 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248011112 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248027086 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248035908 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248049021 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248058081 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248064995 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248075008 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248081923 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248090029 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248105049 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248114109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248121977 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248159885 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248194933 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248203993 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248236895 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248290062 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248294115 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248298883 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248327017 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248409986 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248419046 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248426914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248512030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248526096 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248548985 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248697042 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248708010 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248711109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248728991 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248763084 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248819113 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248828888 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.248878956 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.249005079 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.249013901 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.249022007 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.249088049 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365061045 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365072012 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365140915 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365228891 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365238905 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365247011 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365339041 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365348101 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365423918 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365447998 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365457058 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365466118 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365576982 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365585089 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365638018 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365722895 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365731955 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365741968 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365902901 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.365911961 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.366142035 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.366202116 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367604971 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367789030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367799044 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367808104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367815971 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367918968 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367928028 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.367994070 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368002892 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368103027 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368112087 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368247986 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368362904 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368372917 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368381023 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368443012 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368453026 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368583918 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368671894 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368717909 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368727922 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368814945 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368823051 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368832111 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368837118 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368865013 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368913889 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368922949 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.368947029 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369153023 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369280100 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369287968 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369297981 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369376898 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369388103 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369471073 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369479895 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369518042 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369527102 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369636059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369645119 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369671106 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369684935 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369692087 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369729042 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369739056 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369746923 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369868994 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369915009 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369929075 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369945049 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369986057 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.369995117 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.373389006 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.373580933 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.373639107 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485533953 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485614061 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485652924 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485730886 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485738993 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485747099 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485831022 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485934019 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485944033 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485950947 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.485960007 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486052990 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486129999 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486139059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486251116 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486329079 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486337900 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486404896 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486414909 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486422062 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486519098 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486604929 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486617088 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486624002 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486687899 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486696959 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486834049 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486845970 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486917019 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.486924887 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487010956 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487061024 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487158060 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487257004 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487266064 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487272978 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487322092 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487329960 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487430096 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487438917 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487505913 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487514973 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487521887 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487560987 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487682104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487694025 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487700939 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487732887 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487740993 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487819910 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487875938 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487930059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487966061 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.487974882 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.488154888 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.488209963 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493136883 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493161917 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493196011 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493205070 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493264914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493314981 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493323088 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493371010 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493405104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493417025 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493494987 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493545055 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493628025 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493726969 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493735075 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493779898 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493827105 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493834972 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493879080 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493938923 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.493978024 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494055033 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494062901 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494076967 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494198084 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494205952 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494277954 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494292974 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494298935 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494313002 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494321108 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494503975 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494509935 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494556904 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494602919 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494654894 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494663954 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494775057 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494784117 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494869947 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494879007 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.494913101 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495007038 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495014906 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495022058 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495048046 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495055914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495107889 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495151997 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495160103 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495167017 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495250940 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495259047 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495270014 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495461941 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.495522976 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607621908 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607634068 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607753038 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607805014 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607814074 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607841015 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.607906103 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608022928 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608032942 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608089924 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608098984 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608108997 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608151913 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608160973 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608302116 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608310938 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608346939 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608356953 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608459949 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608470917 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608599901 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608608961 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608728886 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608737946 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608776093 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608784914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608899117 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.608910084 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609020948 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609030008 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609064102 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609143019 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609153032 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609162092 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609178066 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609186888 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609260082 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609316111 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609325886 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609437943 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609447002 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609455109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609517097 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609527111 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609534979 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609544039 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609621048 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609630108 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609677076 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609685898 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609694004 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609780073 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609788895 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.609797001 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.610080957 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.610150099 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.614913940 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615003109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615098000 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615107059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615252972 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615336895 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615381956 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615417957 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615505934 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615546942 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615748882 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615791082 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615878105 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615885973 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.615999937 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616086960 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616241932 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616261959 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616389036 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616400957 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616471052 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616595984 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616604090 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616617918 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616699934 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616708040 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616794109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616911888 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616919994 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.616934061 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617027044 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617034912 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617131948 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617172956 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617296934 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617305040 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617424965 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617433071 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617439985 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617646933 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617655039 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617662907 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617671013 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617846966 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617855072 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617861032 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.617868900 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618099928 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618108034 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618114948 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618124008 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618132114 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618150949 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618263006 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618444920 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.618484974 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729480982 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729546070 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729554892 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729562998 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729578018 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729587078 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729743004 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729780912 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729840040 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.729847908 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730078936 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730113029 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730120897 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730129957 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730138063 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730144978 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730178118 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730251074 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730259895 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730299950 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730365038 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730374098 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730416059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730424881 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730535984 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730545998 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730554104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730562925 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730572939 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730581045 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730669022 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730676889 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730685949 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730746031 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.730753899 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731139898 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731149912 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731153011 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731161118 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731169939 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731180906 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731189966 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731197119 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731211901 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731228113 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731235981 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731246948 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731256008 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731262922 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731369972 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731379032 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731386900 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731395006 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731403112 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731676102 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.731746912 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738007069 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738162994 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738172054 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738179922 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738219976 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738229036 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738271952 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738281012 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738295078 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738333941 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738347054 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738357067 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738368034 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738440037 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738476038 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738524914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738569021 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738646030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738658905 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738667965 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738679886 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738687992 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738774061 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738782883 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738914967 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738924026 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738933086 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.738943100 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739007950 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739296913 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739305973 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739320993 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739332914 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739473104 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739481926 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739523888 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739609957 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739619017 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739650965 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.739782095 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851097107 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851166964 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851247072 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851303101 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851392031 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851399899 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851500034 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851620913 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851805925 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851834059 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851927996 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851936102 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.851977110 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852056026 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852164984 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852236032 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852318048 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852390051 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852399111 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852406025 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852415085 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852510929 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852519035 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852575064 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852631092 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852713108 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.852720976 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859128952 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859169960 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859255075 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859354019 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859457970 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859467030 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.859505892 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:05.870132923 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:06.370726109 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:06.371335983 CET497301912192.168.2.478.70.235.238
                                                                                                                                                                                                                            Dec 8, 2024 15:06:06.490827084 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:06.775859118 CET19124973078.70.235.238192.168.2.4
                                                                                                                                                                                                                            Dec 8, 2024 15:06:06.805608988 CET497301912192.168.2.478.70.235.238

                                                                                                                                                                                                                            Statistics

                                                                                                                                                                                                                            CPU Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            Memory Usage

                                                                                                                                                                                                                            Click to jump to process

                                                                                                                                                                                                                            High Level Behavior Distribution

                                                                                                                                                                                                                            Click to dive into process behavior distribution

                                                                                                                                                                                                                            System Behavior

                                                                                                                                                                                                                            General

                                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                                            Start time:09:05:53
                                                                                                                                                                                                                            Start date:08/12/2024
                                                                                                                                                                                                                            Path:C:\Users\user\Desktop\build.exe
                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\build.exe"
                                                                                                                                                                                                                            Imagebase:0x1c0000
                                                                                                                                                                                                                            File size:307'712 bytes
                                                                                                                                                                                                                            MD5 hash:DFEFDD2E554FD23F3B87F68C3E0F9622
                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                            Yara matches:
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1667956540.00000000001C2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1785220407.0000000002786000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                            Disassembly

                                                                                                                                                                                                                            Reset < >

                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                              Execution Coverage:8.1%
                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                              Signature Coverage:0%
                                                                                                                                                                                                                              Total number of Nodes:38
                                                                                                                                                                                                                              Total number of Limit Nodes:7
                                                                                                                                                                                                                              execution_graph 14369 24d4668 14370 24d4684 14369->14370 14371 24d4696 14370->14371 14373 24d47a0 14370->14373 14374 24d47c5 14373->14374 14378 24d48a1 14374->14378 14382 24d48b0 14374->14382 14379 24d48d7 14378->14379 14381 24d49b4 14379->14381 14386 24d4248 14379->14386 14384 24d48d7 14382->14384 14383 24d49b4 14383->14383 14384->14383 14385 24d4248 CreateActCtxA 14384->14385 14385->14383 14387 24d5940 CreateActCtxA 14386->14387 14389 24d5a03 14387->14389 14390 24dad38 14391 24dad47 14390->14391 14394 24dae20 14390->14394 14399 24dae30 14390->14399 14395 24dae64 14394->14395 14396 24dae41 14394->14396 14395->14391 14396->14395 14397 24db068 GetModuleHandleW 14396->14397 14398 24db095 14397->14398 14398->14391 14400 24dae64 14399->14400 14401 24dae41 14399->14401 14400->14391 14401->14400 14402 24db068 GetModuleHandleW 14401->14402 14403 24db095 14402->14403 14403->14391 14404 24dd0b8 14405 24dd0fe GetCurrentProcess 14404->14405 14407 24dd149 14405->14407 14408 24dd150 GetCurrentThread 14405->14408 14407->14408 14409 24dd18d GetCurrentProcess 14408->14409 14410 24dd186 14408->14410 14411 24dd1c3 14409->14411 14410->14409 14412 24dd1eb GetCurrentThreadId 14411->14412 14413 24dd21c 14412->14413 14414 24dd300 DuplicateHandle 14415 24dd396 14414->14415

                                                                                                                                                                                                                              Executed Functions

                                                                                                                                                                                                                              Function 024DD0A8 Relevance: 6.1, APIs: 4, Instructions: 131threadCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 294 24dd0a8-24dd147 GetCurrentProcess 298 24dd149-24dd14f 294->298 299 24dd150-24dd184 GetCurrentThread 294->299 298->299 300 24dd18d-24dd1c1 GetCurrentProcess 299->300 301 24dd186-24dd18c 299->301 302 24dd1ca-24dd1e5 call 24dd289 300->302 303 24dd1c3-24dd1c9 300->303 301->300 307 24dd1eb-24dd21a GetCurrentThreadId 302->307 303->302 308 24dd21c-24dd222 307->308 309 24dd223-24dd285 307->309 308->309
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 024DD136
                                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 024DD173
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 024DD1B0
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 024DD209
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Current$ProcessThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2063062207-0
                                                                                                                                                                                                                              • Opcode ID: 3920544ee7b2e282016820bd851499597167acc57e6c030a52d483acf2251303
                                                                                                                                                                                                                              • Instruction ID: 535708497b8406e9d6e3e00ca314b78de3b3277269db667f313b088876ee71f8
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3920544ee7b2e282016820bd851499597167acc57e6c030a52d483acf2251303
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: C55148B1900349CFDB15DFA9D54879EBBF1EF48314F20C45AE419AB3A0DB349984CB65
                                                                                                                                                                                                                              Function 024DD0B8 Relevance: 6.1, APIs: 4, Instructions: 128threadCOMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 316 24dd0b8-24dd147 GetCurrentProcess 320 24dd149-24dd14f 316->320 321 24dd150-24dd184 GetCurrentThread 316->321 320->321 322 24dd18d-24dd1c1 GetCurrentProcess 321->322 323 24dd186-24dd18c 321->323 324 24dd1ca-24dd1e5 call 24dd289 322->324 325 24dd1c3-24dd1c9 322->325 323->322 329 24dd1eb-24dd21a GetCurrentThreadId 324->329 325->324 330 24dd21c-24dd222 329->330 331 24dd223-24dd285 329->331 330->331
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 024DD136
                                                                                                                                                                                                                              • GetCurrentThread.KERNEL32 ref: 024DD173
                                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32 ref: 024DD1B0
                                                                                                                                                                                                                              • GetCurrentThreadId.KERNEL32 ref: 024DD209
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Current$ProcessThread
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2063062207-0
                                                                                                                                                                                                                              • Opcode ID: e2127b6df537712f7d7c55ad3bf20043e3dc727c15dd1c74751bf31da79a6a8b
                                                                                                                                                                                                                              • Instruction ID: 760e8a06bf25c92fb2b18a98618480822bbe67ff9c93264d391e8272de371781
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e2127b6df537712f7d7c55ad3bf20043e3dc727c15dd1c74751bf31da79a6a8b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: B65134B1900209CFDB15DFAAD548B9EBBF1EF48314F20C45AE419A73A0DB34A984CB65
                                                                                                                                                                                                                              Function 024DAE30 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 360 24dae30-24dae3f 361 24dae6b-24dae6f 360->361 362 24dae41-24dae4e call 24d9838 360->362 363 24dae71-24dae7b 361->363 364 24dae83-24daec4 361->364 369 24dae64 362->369 370 24dae50 362->370 363->364 371 24daec6-24daece 364->371 372 24daed1-24daedf 364->372 369->361 417 24dae56 call 24db0c8 370->417 418 24dae56 call 24db0b8 370->418 371->372 373 24daee1-24daee6 372->373 374 24daf03-24daf05 372->374 376 24daee8-24daeef call 24da814 373->376 377 24daef1 373->377 378 24daf08-24daf0f 374->378 375 24dae5c-24dae5e 375->369 379 24dafa0-24dafb7 375->379 383 24daef3-24daf01 376->383 377->383 380 24daf1c-24daf23 378->380 381 24daf11-24daf19 378->381 393 24dafb9-24db018 379->393 384 24daf25-24daf2d 380->384 385 24daf30-24daf39 call 24da824 380->385 381->380 383->378 384->385 391 24daf3b-24daf43 385->391 392 24daf46-24daf4b 385->392 391->392 394 24daf4d-24daf54 392->394 395 24daf69-24daf76 392->395 411 24db01a-24db060 393->411 394->395 397 24daf56-24daf66 call 24da834 call 24da844 394->397 400 24daf99-24daf9f 395->400 401 24daf78-24daf96 395->401 397->395 401->400 412 24db068-24db093 GetModuleHandleW 411->412 413 24db062-24db065 411->413 414 24db09c-24db0b0 412->414 415 24db095-24db09b 412->415 413->412 415->414 417->375 418->375
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 024DB086
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                                                                                              • Opcode ID: f0ede205a9985b3e1ababa086b2943c741cc89976d07b7b68661ad58b0704968
                                                                                                                                                                                                                              • Instruction ID: dbcc7c060d9612130aa4bc9010b49ba92c595aba7dc0203ba9a4eec5efb1e0ad
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f0ede205a9985b3e1ababa086b2943c741cc89976d07b7b68661ad58b0704968
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3071F1B0A00B158FDB24DF2AD15475ABBF1FB88304F04896EE48A97B50DB75E949CB90
                                                                                                                                                                                                                              Function 024D5935 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 419 24d5935-24d593e 420 24d5940-24d5a01 CreateActCtxA 419->420 422 24d5a0a-24d5a64 420->422 423 24d5a03-24d5a09 420->423 430 24d5a66-24d5a69 422->430 431 24d5a73-24d5a77 422->431 423->422 430->431 432 24d5a79-24d5a85 431->432 433 24d5a88 431->433 432->433 435 24d5a89 433->435 435->435
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 024D59F1
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Create
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                                                                              • Opcode ID: 192e38d7e33f1f455b20476c366cf4637998417ff6846f1c48182387605f3213
                                                                                                                                                                                                                              • Instruction ID: f75324fab35176506d31e80a8be4418fee9371a2d9e6ef2c4e61de8e343174e2
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 192e38d7e33f1f455b20476c366cf4637998417ff6846f1c48182387605f3213
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A341D3B0D00629CFDB14CFA9C98479EBBB5FF45314F24809AD408AB255DB756989CF90
                                                                                                                                                                                                                              Function 024D4248 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 436 24d4248-24d5a01 CreateActCtxA 439 24d5a0a-24d5a64 436->439 440 24d5a03-24d5a09 436->440 447 24d5a66-24d5a69 439->447 448 24d5a73-24d5a77 439->448 440->439 447->448 449 24d5a79-24d5a85 448->449 450 24d5a88 448->450 449->450 452 24d5a89 450->452 452->452
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • CreateActCtxA.KERNEL32(?), ref: 024D59F1
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: Create
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 2289755597-0
                                                                                                                                                                                                                              • Opcode ID: 8f6d6116191e8243cd35a039e0403bc1fb8867207af53fa4ed5184030592e0f8
                                                                                                                                                                                                                              • Instruction ID: f28e11b7b6da47918a793a9c0ba2b36b78784d16060e52e28dd95ddead46eeb1
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f6d6116191e8243cd35a039e0403bc1fb8867207af53fa4ed5184030592e0f8
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3541F2B0D00729CFDB24CFA9C844B8EBBB5FF49314F20809AD408AB255DB756989CF90
                                                                                                                                                                                                                              Function 024DD2F9 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 453 24dd2f9-24dd394 DuplicateHandle 454 24dd39d-24dd3ba 453->454 455 24dd396-24dd39c 453->455 455->454
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 024DD387
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                                                                                              • Opcode ID: 3afde1d5b25289ff3b4cffc21a9b4841cf7bac4a9f19cbec383d5dccfd498744
                                                                                                                                                                                                                              • Instruction ID: bc195f3f9b2d108a0eb4786adab4668a1b47a9058f98cada45f348ad6d33c693
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3afde1d5b25289ff3b4cffc21a9b4841cf7bac4a9f19cbec383d5dccfd498744
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EC21E0B5D00219DFDB10CFAAD584AEEBBF5FB48324F14841AE918A7350C374A954CFA4
                                                                                                                                                                                                                              Function 024DD300 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 458 24dd300-24dd394 DuplicateHandle 459 24dd39d-24dd3ba 458->459 460 24dd396-24dd39c 458->460 460->459
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 024DD387
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: DuplicateHandle
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 3793708945-0
                                                                                                                                                                                                                              • Opcode ID: b934e6465d983080c64fd4e2a3f8198c6421a7f8e1f948a389eee43c57f29fa4
                                                                                                                                                                                                                              • Instruction ID: f72198816c25829676f276749a16f84b0635eee586c3b19418cb95e99103ed6c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b934e6465d983080c64fd4e2a3f8198c6421a7f8e1f948a389eee43c57f29fa4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE21E3B5900218DFDB10CF9AD584ADEBBF4FB48310F14841AE918A3350D374A944CFA4
                                                                                                                                                                                                                              Function 024DB020 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                                                                                                                              Download Yara Rule

                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                                              control_flow_graph 463 24db020-24db060 464 24db068-24db093 GetModuleHandleW 463->464 465 24db062-24db065 463->465 466 24db09c-24db0b0 464->466 467 24db095-24db09b 464->467 465->464 467->466
                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                              • GetModuleHandleW.KERNELBASE(00000000), ref: 024DB086
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID: HandleModule
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID: 4139908857-0
                                                                                                                                                                                                                              • Opcode ID: d435d81592f151c3d6c4c8bbeaaa0695e8ddceeb5cc114a68845d744c674163d
                                                                                                                                                                                                                              • Instruction ID: 48d4e035461820c59282c30d02935daad97c07ccb96bcff7cad768a55cf33321
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d435d81592f151c3d6c4c8bbeaaa0695e8ddceeb5cc114a68845d744c674163d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1110FB5C003498FCB20DF9AC444ADEFBF4FB88228F10842AD468B7210C375A549CFA5
                                                                                                                                                                                                                              Function 0095D4C4 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784447940.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_95d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 9856988c26afb5dcd2db822d9b069efb22f1014a8eb50071ef15147332477c2d
                                                                                                                                                                                                                              • Instruction ID: 2db1f6e87a1c7e9918273893fa7e5ff19455e4fe443e9f6e5d643d04834871bb
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9856988c26afb5dcd2db822d9b069efb22f1014a8eb50071ef15147332477c2d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 20214271500200DFCB21DF14D9C0B2ABF69FB98319F20C569EC090B25AC33AD84ACBA2
                                                                                                                                                                                                                              Function 0096D01C Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784486033.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_96d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 37c319060913a7df879c2184356c5d57a782bbfc98279b0e42757902444e00b4
                                                                                                                                                                                                                              • Instruction ID: bee8a7eef39750778e0e68b437a53049fd46eb7950d30e9f8ead4dacc1c9d91f
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 37c319060913a7df879c2184356c5d57a782bbfc98279b0e42757902444e00b4
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 33210475A04240DFDB14DF14D9C4B26BFA9FB88314F24C96DE81A4B296C33BD847CAA1
                                                                                                                                                                                                                              Function 0096D006 Relevance: .1, Instructions: 62COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784486033.000000000096D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0096D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_96d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 2bb6adb97a9833e5b680fa73ab8f8c55c3f2515400a10d65a782b70c07f27dfc
                                                                                                                                                                                                                              • Instruction ID: e0a0df9807eeba5b961e92576d0af33683925a428db141637dda9c16d2ef58f3
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2bb6adb97a9833e5b680fa73ab8f8c55c3f2515400a10d65a782b70c07f27dfc
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99215E755093808FDB12CF24D994B15BF71EB46314F28C5EAD8498F6A7C33A980ACB62
                                                                                                                                                                                                                              Function 0095D4BF Relevance: .1, Instructions: 56COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784447940.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_95d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                              • Instruction ID: a4054b9ab832bf5919886f06b2a44e348a4f9d9efe6536363ff6181a8965a46a
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E311D376504280CFDB16CF14D5C4B16BF71FB94318F24C6A9EC490B65AC336D85ACBA1
                                                                                                                                                                                                                              Function 0095D989 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784447940.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_95d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: b7e7762a4a17faf913528227749bfbb34ccf11fcb1f1bc5abcc5eeae8c9c767d
                                                                                                                                                                                                                              • Instruction ID: c877aeb7eec27d6679e0ca66181e0f1a8082c0b14debe72943f501e1e68f2c3c
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b7e7762a4a17faf913528227749bfbb34ccf11fcb1f1bc5abcc5eeae8c9c767d
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9301F73100B3409AE720DA1BC984767BF9CEF51325F18C92AED094A286C6799844C772
                                                                                                                                                                                                                              Function 0095D988 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784447940.000000000095D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0095D000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_95d000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: 8a401500237454317d69988720eb168d3e143da33c69d5c862e83a9577ad9447
                                                                                                                                                                                                                              • Instruction ID: a4a85e62e58ea8ef4a7ce24a6d865a6e04611e102208abfaf615a9634aa8a622
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8a401500237454317d69988720eb168d3e143da33c69d5c862e83a9577ad9447
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 39F0F671006340AEE7208A1ACCC4B62FFACEF51735F18C55AED484F286C2799C44CBB1

                                                                                                                                                                                                                              Non-executed Functions

                                                                                                                                                                                                                              Function 024DDC74 Relevance: .3, Instructions: 264COMMON
                                                                                                                                                                                                                              Download Yara Rule
                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                              • Source File: 00000000.00000002.1784956326.00000000024D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024D0000, based on PE: false
                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_24d0000_build.jbxd
                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                              • Opcode ID: f248ff3e0563f93b80d94eaf3620da3413475a1bb60d2b423eba93101cc1c83b
                                                                                                                                                                                                                              • Instruction ID: 9db4122bba2b3f9963ead497c5424adc05a36713a1c0d020be487d99629b0960
                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f248ff3e0563f93b80d94eaf3620da3413475a1bb60d2b423eba93101cc1c83b
                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CDA16A32E00219CFCF19DFB5C89059EB7B2FF85304B15856AE806AB265DB71E955CB80