Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
gC0jV08bP3.exe

Overview

General Information

Sample name:gC0jV08bP3.exe
renamed because original name is a hash value
Original sample name:58ed282c74825b5b77132329d2a06868.exe
Analysis ID:1571004
MD5:58ed282c74825b5b77132329d2a06868
SHA1:44e040cc9b0760d929a14e34ff2153fb17a51aa8
SHA256:e1cf672f6bb955a21b742da64c3978241d639e9c2add415b63df73c52b4c1c8f
Tags:exeRedLineStealeruser-abuse_ch
Infos:

Detection

Meduza Stealer, PureLog Stealer, RedLine, zgRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Meduza Stealer
Yara detected PureLog Stealer
Yara detected RedLine Stealer
Yara detected zgRAT
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains very large array initializations
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • gC0jV08bP3.exe (PID: 3752 cmdline: "C:\Users\user\Desktop\gC0jV08bP3.exe" MD5: 58ED282C74825B5B77132329D2A06868)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
RedLine StealerRedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
NameDescriptionAttributionBlogpost URLsLink
zgRATzgRAT is a Remote Access Trojan malware which sometimes drops other malware such as AgentTesla malware. zgRAT has an inforstealer use which targets browser information and cryptowallets.Usually spreads by USB or phishing emails with -zip/-lnk/.bat/.xlsx attachments and so on.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.zgrat

Malware Configuration

Threatname: RedLine

{"C2 url": ["66.63.187.209:6677"]}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
gC0jV08bP3.exeJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
    gC0jV08bP3.exeJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
      gC0jV08bP3.exeJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        gC0jV08bP3.exeMALWARE_Win_zgRATDetects zgRATditekSHen
        • 0x45c27:$s1: file:///
        • 0x45b5f:$s2: {11111-22222-10009-11112}
        • 0x45bb7:$s3: {11111-22222-50001-00000}
        • 0x423fa:$s4: get_Module
        • 0x42864:$s5: Reverse
        • 0x45226:$s6: BlockCopy
        • 0x42c23:$s7: ReadByte
        • 0x45c39:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

        PCAP (Network Traffic)

        SourceRuleDescriptionAuthorStrings
        dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security
          dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security

            Memory Dumps

            SourceRuleDescriptionAuthorStrings
            00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                    00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      Click to see the 3 entries

                      Unpacked PEs

                      SourceRuleDescriptionAuthorStrings
                      0.0.gC0jV08bP3.exe.240000.0.unpackJoeSecurity_zgRAT_1Yara detected zgRATJoe Security
                        0.0.gC0jV08bP3.exe.240000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                          0.0.gC0jV08bP3.exe.240000.0.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                            0.0.gC0jV08bP3.exe.240000.0.unpackMALWARE_Win_zgRATDetects zgRATditekSHen
                            • 0x45c27:$s1: file:///
                            • 0x45b5f:$s2: {11111-22222-10009-11112}
                            • 0x45bb7:$s3: {11111-22222-50001-00000}
                            • 0x423fa:$s4: get_Module
                            • 0x42864:$s5: Reverse
                            • 0x45226:$s6: BlockCopy
                            • 0x42c23:$s7: ReadByte
                            • 0x45c39:$s8: 4C 00 6F 00 63 00 61 00 74 00 69 00 6F 00 6E 00 00 0B 46 00 69 00 6E 00 64 00 20 00 00 13 52 00 65 00 73 00 6F 00 75 00 72 00 63 00 65 00 41 00 00 11 56 00 69 00 72 00 74 00 75 00 61 00 6C 00 ...

                            Sigma Signatures

                            No Sigma rule has matched

                            Suricata Signatures

                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T17:52:00.173804+010020460561A Network Trojan was detected66.63.187.2096677192.168.2.449730TCP
                            TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                            2024-12-08T17:51:58.717942+010020460451A Network Trojan was detected192.168.2.44973066.63.187.2096677TCP

                            Joe Sandbox Signatures

                            Click to jump to signature section

                            Show All Signature Results

                            AV Detection

                            barindex
                            Antivirus / Scanner detection for submitted sample
                            Source: gC0jV08bP3.exeAvira: detected
                            Found malware configuration
                            Source: 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: RedLine {"C2 url": ["66.63.187.209:6677"]}
                            Multi AV Scanner detection for submitted file
                            Source: gC0jV08bP3.exeReversingLabs: Detection: 64%
                            AI detected suspicious sample
                            Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                            Machine Learning detection for sample
                            Source: gC0jV08bP3.exeJoe Sandbox ML: detected
                            Source: gC0jV08bP3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: gC0jV08bP3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                            Networking

                            barindex
                            Suricata IDS alerts for network traffic
                            Source: Network trafficSuricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.4:49730 -> 66.63.187.209:6677
                            Source: Network trafficSuricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 66.63.187.209:6677 -> 192.168.2.4:49730
                            C2 URLs / IPs found in malware configuration
                            Source: Malware configuration extractorURLs: 66.63.187.209:6677
                            Source: global trafficTCP traffic: 192.168.2.4:49730 -> 66.63.187.209:6677
                            Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: unknownTCP traffic detected without corresponding DNS query: 66.63.187.209
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 3IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1882645412.000000001B5F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb$ equals www.youtube.com (Youtube)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1882645412.000000001B5F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qC:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb equals www.youtube.com (Youtube)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002C2A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: qC:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldbp equals www.youtube.com (Youtube)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field1
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field1Response
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field2
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field2Response
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field3
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000275E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/example/Field3Response
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000287A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000287A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                            Source: gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                            System Summary

                            barindex
                            Malicious sample detected (through community Yara rule)
                            Source: gC0jV08bP3.exe, type: SAMPLEMatched rule: Detects zgRAT Author: ditekSHen
                            Source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPEMatched rule: Detects zgRAT Author: ditekSHen
                            .NET source code contains very large array initializations
                            Source: gC0jV08bP3.exe, Strings.csLarge array initialization: Strings: array initializer size 6160
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B8CC45D0_2_00007FFD9B8CC45D
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B8C16B30_2_00007FFD9B8C16B3
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA2044D0_2_00007FFD9BA2044D
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA1CBC90_2_00007FFD9BA1CBC9
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA212980_2_00007FFD9BA21298
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA18AC70_2_00007FFD9BA18AC7
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA298A90_2_00007FFD9BA298A9
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA2F7F80_2_00007FFD9BA2F7F8
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA160350_2_00007FFD9BA16035
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA26FA10_2_00007FFD9BA26FA1
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA1D5350_2_00007FFD9BA1D535
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA2EBCD0_2_00007FFD9BA2EBCD
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA279350_2_00007FFD9BA27935
                            Source: gC0jV08bP3.exe, 00000000.00000000.1657718776.00000000002CE000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGristles.exe" vs gC0jV08bP3.exe
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs gC0jV08bP3.exe
                            Source: gC0jV08bP3.exeBinary or memory string: OriginalFilenameGristles.exe" vs gC0jV08bP3.exe
                            Source: gC0jV08bP3.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                            Source: gC0jV08bP3.exe, type: SAMPLEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_zgRAT author = ditekSHen, description = Detects zgRAT
                            Source: gC0jV08bP3.exe, Strings.csCryptographic APIs: 'CreateDecryptor'
                            Source: gC0jV08bP3.exe, Class4.csCryptographic APIs: 'CreateDecryptor'
                            Source: gC0jV08bP3.exe, Class4.csCryptographic APIs: 'CreateDecryptor'
                            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@1/1@0/1
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile created: C:\Users\user\AppData\Local\Microsoft\Wind?wsJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeMutant created: NULL
                            Source: gC0jV08bP3.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                            Source: gC0jV08bP3.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                            Source: gC0jV08bP3.exeReversingLabs: Detection: 64%
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: mscoree.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: apphelp.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: kernel.appcore.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: version.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: uxtheme.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: windows.storage.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: wldp.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: profapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: cryptsp.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: rsaenh.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: cryptbase.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: mswsock.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: wbemcomn.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: amsi.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: userenv.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: secur32.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: sspicli.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: edputil.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: windowscodecs.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeSection loaded: dpapi.dllJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                            Source: gC0jV08bP3.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                            Source: gC0jV08bP3.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                            Data Obfuscation

                            barindex
                            .NET source code contains method to dynamically call methods (often used by packers)
                            Source: gC0jV08bP3.exe, Class4.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                            Source: gC0jV08bP3.exeStatic PE information: 0xE3FEC0F4 [Mon Mar 19 06:19:32 2091 UTC]
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B7F63EE push ss; retf 0_2_00007FFD9B7F63EF
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B7F5CB0 push edi; iretd 0_2_00007FFD9B7F5CB6
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B7F00AD pushad ; iretd 0_2_00007FFD9B7F00C1
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9B8C2004 pushad ; retf 0_2_00007FFD9B8C2005
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA1C356 push esi; iretd 0_2_00007FFD9BA1C357
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeCode function: 0_2_00007FFD9BA2BE04 push eax; ret 0_2_00007FFD9BA2BE21
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                            Malware Analysis System Evasion

                            barindex
                            Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                            Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                            Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \QEMU-GA.EXE
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeMemory allocated: A20000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeMemory allocated: 1A580000 memory reserve | memory write watchJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWindow / User API: threadDelayed 7967Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWindow / User API: threadDelayed 1866Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exe TID: 2476Thread sleep time: -28592453314249787s >= -30000sJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeThread delayed: delay time: 922337203685477Jump to behavior
                            Source: gC0jV08bP3.exe, 00000000.00000002.1882720265.000000001B60F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllVA
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: \qemu-ga.exe
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess information queried: ProcessInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeProcess token adjusted: DebugJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeMemory allocated: page read and write | page guardJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Users\user\Desktop\gC0jV08bP3.exe VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                            Source: gC0jV08bP3.exe, 00000000.00000002.1882509200.000000001B5C2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                            Stealing of Sensitive Information

                            barindex
                            Yara detected Meduza Stealer
                            Source: Yara matchFile source: Process Memory Space: gC0jV08bP3.exe PID: 3752, type: MEMORYSTR
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: gC0jV08bP3.exe PID: 3752, type: MEMORYSTR
                            Yara detected zgRAT
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE
                            Found many strings related to Crypto-Wallets (likely being stolen)
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ElectronCash
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: com.liberty.jaxx
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus
                            Source: gC0jV08bP3.exe, 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                            Source: gC0jV08bP3.exe, 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: set_UseMachineKeyStore
                            Tries to harvest and steal browser information (history, passwords, etc)
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                            Tries to steal Crypto Currency Wallets
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Binance\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                            Source: C:\Users\user\Desktop\gC0jV08bP3.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\Jump to behavior
                            Source: Yara matchFile source: 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: gC0jV08bP3.exe PID: 3752, type: MEMORYSTR

                            Remote Access Functionality

                            barindex
                            Yara detected Meduza Stealer
                            Source: Yara matchFile source: Process Memory Space: gC0jV08bP3.exe PID: 3752, type: MEMORYSTR
                            Yara detected PureLog Stealer
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Yara detected RedLine Stealer
                            Source: Yara matchFile source: dump.pcap, type: PCAP
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE
                            Source: Yara matchFile source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                            Source: Yara matchFile source: 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                            Source: Yara matchFile source: Process Memory Space: gC0jV08bP3.exe PID: 3752, type: MEMORYSTR
                            Yara detected zgRAT
                            Source: Yara matchFile source: gC0jV08bP3.exe, type: SAMPLE
                            Source: Yara matchFile source: 0.0.gC0jV08bP3.exe.240000.0.unpack, type: UNPACKEDPE

                            Mitre Att&ck Matrix

                            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                            Gather Victim Identity InformationAcquire InfrastructureValid Accounts221
                            Windows Management Instrumentation                            		1
                            DLL Side-Loading                            		1
                            DLL Side-Loading                            		1
                            Masquerading                            		1
                            OS Credential Dumping                            		331
                            Security Software Discovery                            		Remote Services11
                            Archive Collected Data                            		1
                            Encrypted Channel                            		Exfiltration Over Other Network MediumAbuse Accessibility Features
                            CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                            Disable or Modify Tools                            		LSASS Memory1
                            Process Discovery                            		Remote Desktop Protocol3
                            Data from Local System                            		1
                            Non-Standard Port                            		Exfiltration Over BluetoothNetwork Denial of Service
                            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)241
                            Virtualization/Sandbox Evasion                            		Security Account Manager241
                            Virtualization/Sandbox Evasion                            		SMB/Windows Admin Shares1
                            Clipboard Data                            		1
                            Application Layer Protocol                            		Automated ExfiltrationData Encrypted for Impact
                            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                            Deobfuscate/Decode Files or Information                            		NTDS1
                            Application Window Discovery                            		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                            Obfuscated Files or Information                            		LSA Secrets113
                            System Information Discovery                            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                            Software Packing                            		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                            Timestomp                            		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                            DLL Side-Loading                            		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                            Behavior Graph

                            Hide Legend

                            Legend:

                            • Process
                            • Signature
                            • Created File
                            • DNS/IP Info
                            • Is Dropped
                            • Is Windows Process
                            • Number of created Registry Values
                            • Number of created Files
                            • Visual Basic
                            • Delphi
                            • Java
                            • .Net C# or VB.NET
                            • C, C++ or other language
                            • Is malicious
                            • Internet

                            Screenshots

                            Thumbnails

                            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                            windows-stand

                            Antivirus, Machine Learning and Genetic Malware Detection

                            Initial Sample

                            SourceDetectionScannerLabelLink
                            gC0jV08bP3.exe65%ReversingLabsByteCode-MSIL.Trojan.Jalapeno
                            gC0jV08bP3.exe100%AviraHEUR/AGEN.1312138
                            gC0jV08bP3.exe100%Joe Sandbox ML

                            Dropped Files

                            No Antivirus matches

                            Unpacked PE Files

                            No Antivirus matches

                            Domains

                            No Antivirus matches

                            URLs

                            SourceDetectionScannerLabelLink
                            66.63.187.209:66770%Avira URL Cloudsafe

                            Domains and IPs

                            Contacted Domains

                            No contacted domains info

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            66.63.187.209:6677true
                            • Avira URL Cloud: safe
                            		unknown

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#TextgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://schemas.xmlsoap.org/ws/2005/02/sc/sctgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://duckduckgo.com/chrome_newtabgC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://schemas.xmlsoap.org/ws/2004/04/security/sc/dkgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinarygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_WrapgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLIDgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/PreparegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecretgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#licensegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/IssuegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/AbortedgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequencegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://discord.com/api/v9/users/gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/faultgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/10/wsatgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://tempuri.org/example/Field1ResponsegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namegC0jV08bP3.exe, 00000000.00000002.1873631303.000000000275E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/RenewgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegistergC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://api.ip.sb/ipgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://schemas.xmlsoap.org/ws/2004/04/scgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PCgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/CancelgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/IssuegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.ecosia.org/newtab/gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequestedgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnlygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/ReplaygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnegogC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        http://www.w3.ohgC0jV08bP3.exe, 00000000.00000002.1873631303.000000000287A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64BinarygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PCgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                http://schemas.xmlsoap.org/ws/2004/08/addressinggC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust/RST/IssuegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    http://schemas.xmlsoap.org/ws/2004/10/wsat/CompletiongC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/trustgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponsegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/CancelgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/NoncegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dnsgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/RenewgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://tempuri.org/example/Field1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://schemas.xmlsoap.org/ws/2006/02/addressingidentitygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://schemas.xmlsoap.org/soap/envelope/gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://tempuri.org/example/Field2gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    http://tempuri.org/example/Field3gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trustgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/06/addressingexgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoorgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/04/security/trust/NoncegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponsegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/08/addressing/faultgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchgC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    http://www.w3.ogC0jV08bP3.exe, 00000000.00000002.1873631303.000000000287A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              http://tempuri.org/example/Field3ResponsegC0jV08bP3.exe, 00000000.00000002.1873631303.000000000275E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wscoor/faultgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high
                                                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/sctgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        		high
                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponsegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          		high
                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/CancelgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                            		high
                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgementgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              		high
                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCTgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                		high
                                                                                                                                                                                                                https://www.google.com/images/branding/product/ico/googleg_lodp.icogC0jV08bP3.exe, 00000000.00000002.1879232901.00000000126F2000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.0000000012699000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000127A4000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.00000000125BF000.00000004.00000800.00020000.00000000.sdmp, gC0jV08bP3.exe, 00000000.00000002.1879232901.000000001274B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  		high
                                                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1gC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                    		high
                                                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002581000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      		high
                                                                                                                                                                                                                      http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_WrapgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        		high
                                                                                                                                                                                                                        http://schemas.xmlsoap.org/ws/2002/12/policygC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          		high
                                                                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/sc/dkgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            		high
                                                                                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/IssuegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              		high
                                                                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/IssuegC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                		high
                                                                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat/CommitgC0jV08bP3.exe, 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  		high

                                                                                                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                                                                                                  Public IPs

                                                                                                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                                                  66.63.187.209
                                                                                                                                                                                                                                  		unknownUnited States
                                                                                                                                                                                                                                  		8100ASN-QUADRANET-GLOBALUStrue

                                                                                                                                                                                                                                  General Information

                                                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                  Analysis ID:1571004
                                                                                                                                                                                                                                  Start date and time:2024-12-08 17:51:05 +01:00
                                                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                  Overall analysis duration:0h 3m 16s
                                                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                  Number of analysed new started processes analysed:4
                                                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                                                                                                  Sample name:gC0jV08bP3.exe
                                                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                                                  Original Sample Name:58ed282c74825b5b77132329d2a06868.exe
                                                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                                                  Classification:mal100.troj.spyw.evad.winEXE@1/1@0/1
                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                  • Stop behavior analysis, all processes terminated

                                                                                                                                                                                                                                  Warnings

                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                  • VT rate limit hit for: gC0jV08bP3.exe

                                                                                                                                                                                                                                  Simulations

                                                                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                                                                  TimeTypeDescription
                                                                                                                                                                                                                                  11:52:02API Interceptor86x Sleep call for process: gC0jV08bP3.exe modified

                                                                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                                                                  IPs

                                                                                                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                  66.63.187.2097xweUz2MYa.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse

                                                                                                                                                                                                                                    Domains

                                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                                    ASNs

                                                                                                                                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                    ASN-QUADRANET-GLOBALUS7xweUz2MYa.exeGet hashmaliciousMeduza Stealer, PureLog Stealer, RedLine, zgRATBrowse
                                                                                                                                                                                                                                    • 66.63.187.209
                                                                                                                                                                                                                                    .main.elfGet hashmaliciousXmrigBrowse
                                                                                                                                                                                                                                    • 66.63.187.200
                                                                                                                                                                                                                                    jew.arm6.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 173.205.82.66
                                                                                                                                                                                                                                    jew.mpsl.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 154.205.102.60
                                                                                                                                                                                                                                    bcUcEm7AqP.exeGet hashmaliciousAsyncRATBrowse
                                                                                                                                                                                                                                    • 69.174.100.131
                                                                                                                                                                                                                                    ET5.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 45.61.165.224
                                                                                                                                                                                                                                    na.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                    • 194.146.117.28
                                                                                                                                                                                                                                    BQ_PO#385995.exeGet hashmaliciousRedLine, Snake Keylogger, VIP Keylogger, XWormBrowse
                                                                                                                                                                                                                                    • 69.174.100.131
                                                                                                                                                                                                                                    Vwf30y6XRO.exeGet hashmaliciousCrimsonBrowse
                                                                                                                                                                                                                                    • 104.223.106.8
                                                                                                                                                                                                                                    Vwf30y6XRO.exeGet hashmaliciousCrimsonBrowse
                                                                                                                                                                                                                                    • 104.223.106.8

                                                                                                                                                                                                                                    JA3 Fingerprints

                                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                                    Dropped Files

                                                                                                                                                                                                                                    No context

                                                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\gC0jV08bP3.exe.log

                                                                                                                                                                                                                                    Download File
                                                                                                                                                                                                                                    Process:C:\Users\user\Desktop\gC0jV08bP3.exe
                                                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                                                    Size (bytes):2611
                                                                                                                                                                                                                                    Entropy (8bit):5.363358188931451
                                                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                                                    SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKkafHKWA1eXrHKlT48BHK7HKmTHlHNW:iq+wmj0qCYqGSI6oPtzHeqKkGqhA7qZR
                                                                                                                                                                                                                                    MD5:CEA017D10C4D437981D19F21660A47FA
                                                                                                                                                                                                                                    SHA1:61AAFCECB5325DE172857CEF7C7E1F230F73AFFD
                                                                                                                                                                                                                                    SHA-256:60B099420455DECD1878FE84F217CFE478BA0BA5E6E574077150D08355A1DD96
                                                                                                                                                                                                                                    SHA-512:413384BF9D2EDC9BC2DF6D5175D09A33B91CCF9C53FE3CB21892CB57AF4FD8A9BE0608E9BCA57AF4A7F2709A4C110148719DA3210460DF433CFD77FA753B9CF8
                                                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                                                    Reputation:moderate, very likely benign file
                                                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                                                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                    Entropy (8bit):5.180183125390317
                                                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                                    File name:gC0jV08bP3.exe
                                                                                                                                                                                                                                    File size:743'424 bytes
                                                                                                                                                                                                                                    MD5:58ed282c74825b5b77132329d2a06868
                                                                                                                                                                                                                                    SHA1:44e040cc9b0760d929a14e34ff2153fb17a51aa8
                                                                                                                                                                                                                                    SHA256:e1cf672f6bb955a21b742da64c3978241d639e9c2add415b63df73c52b4c1c8f
                                                                                                                                                                                                                                    SHA512:837aa4d7c25f904272372b1585c5934afc99aa1f1a208b288d4b85efce0e079b61dac96449c6dc2032cc9a76975b59a424dbd135e9474ee6930871e3566e058e
                                                                                                                                                                                                                                    SSDEEP:12288:xDKYDzqxpXBNt1BrivR0V4TBjgYxs1wl206gBawFV2ceSb0BQ/GfM/4QiAzojgJ0:xDKY3qxp1NDXw
                                                                                                                                                                                                                                    TLSH:52F4701C5BBC058CEC8CD531BE20C9326EA04E08919FCB49A569FA151EB6277B3F5BD1
                                                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.................. ........@.. ....................................@................................

                                                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                                                    Icon Hash:0e9696961617e982

                                                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Entrypoint:0x44d0fe
                                                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                    Time Stamp:0xE3FEC0F4 [Mon Mar 19 06:19:32 2091 UTC]
                                                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                                                    add byte ptr [eax], al

                                                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x4d0a80x53.text
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x4e0000x6a022.rsrc
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xba0000xc.reloc
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                                    Sections

                                                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                                    .text0x20000x4b1040x4b200a0c40baccf59876662b4c242484f8f98False0.4180239964642263data6.528694546061667IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                    .rsrc0x4e0000x6a0220x6a20065e4195d76e2641b30f5c060426a53b1False0.04090059997055359data3.4733020781588206IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                                    .reloc0xba0000xc0x200fdd16811f82542ac94c2824c17d00617False0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                                    Resources

                                                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                                    RT_ICON0x4e2b00x42028Device independent bitmap graphic, 256 x 512 x 32, image size 2703360.019047548598988075
                                                                                                                                                                                                                                    RT_ICON0x902d80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 675840.03903939429788241
                                                                                                                                                                                                                                    RT_ICON0xa0b000x94a8Device independent bitmap graphic, 96 x 192 x 32, image size 380160.0580460374185411
                                                                                                                                                                                                                                    RT_ICON0xa9fa80x5488Device independent bitmap graphic, 72 x 144 x 32, image size 216000.08243992606284659
                                                                                                                                                                                                                                    RT_ICON0xaf4300x4228Device independent bitmap graphic, 64 x 128 x 32, image size 168960.0987836561171469
                                                                                                                                                                                                                                    RT_ICON0xb36580x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 96000.14284232365145227
                                                                                                                                                                                                                                    RT_ICON0xb5c000x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 42240.22537523452157598
                                                                                                                                                                                                                                    RT_ICON0xb6ca80x988Device independent bitmap graphic, 24 x 48 x 32, image size 24000.30901639344262294
                                                                                                                                                                                                                                    RT_ICON0xb76300x468Device independent bitmap graphic, 16 x 32 x 32, image size 10880.4530141843971631
                                                                                                                                                                                                                                    RT_GROUP_ICON0xb7a980x84data0.7196969696969697
                                                                                                                                                                                                                                    RT_VERSION0xb7b1c0x31cdata0.4535175879396985
                                                                                                                                                                                                                                    RT_MANIFEST0xb7e380x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                                    Imports

                                                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                                                    mscoree.dll_CorExeMain

                                                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                                                    Suricata IDS Alerts

                                                                                                                                                                                                                                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                                                    2024-12-08T17:51:58.717942+01002046045ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization)1192.168.2.44973066.63.187.2096677TCP
                                                                                                                                                                                                                                    2024-12-08T17:52:00.173804+01002046056ET MALWARE Redline Stealer/MetaStealer Family Activity (Response)166.63.187.2096677192.168.2.449730TCP

                                                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:57.088028908 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:57.207429886 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:57.207731962 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:57.209409952 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:57.329912901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:58.594779015 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:58.642209053 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:58.717941999 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:58.837397099 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:59.583051920 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:59.592497110 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:51:59.715166092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173691034 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173715115 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173727036 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173791885 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173803091 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173804045 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173820019 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173832893 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173844099 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173844099 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173866987 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.173883915 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174052954 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174098969 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174112082 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174123049 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174154043 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.174169064 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.300024033 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.300040960 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.300091982 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.304162025 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.304356098 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.304413080 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.423245907 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.423261881 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:00.423340082 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.670028925 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792073011 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792097092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792115927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792125940 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792138100 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792184114 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792191982 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792196035 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792220116 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792233944 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792262077 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792319059 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792327881 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792371988 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792375088 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792396069 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792429924 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.792443991 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911931038 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911947012 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911955118 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911968946 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911988020 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911997080 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.911997080 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912005901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912040949 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912065029 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912090063 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912142038 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912182093 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912230015 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912286997 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912374973 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912386894 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.912435055 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.954452038 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:03.954546928 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031507969 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031522989 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031620026 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031622887 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031665087 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031681061 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031711102 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031778097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031804085 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031846046 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031869888 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031902075 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.031944990 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032006979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032058001 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032075882 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032102108 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032134056 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032159090 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032174110 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032227993 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032263994 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032274008 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032280922 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.032377005 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151416063 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151429892 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151474953 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151508093 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151520014 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151534081 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151585102 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151596069 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151607990 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151628971 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151638985 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151643038 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151654005 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151683092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151693106 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151702881 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151740074 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151748896 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151760101 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151782036 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151793003 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151793003 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151830912 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151833057 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151842117 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151851892 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151884079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151887894 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151911974 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151942968 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151968956 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151976109 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.151983976 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152008057 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152035952 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152055979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152055979 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152093887 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152106047 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152121067 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152157068 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152164936 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152173042 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152184010 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152221918 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152261019 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152270079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152307034 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152307987 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152355909 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152380943 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152391911 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152400017 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152410030 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152477026 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.152487993 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277586937 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277604103 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277614117 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277617931 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277621984 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277654886 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277713060 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277769089 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277831078 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277879953 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.277916908 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.670433998 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.816766977 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817066908 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817076921 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817277908 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817286968 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817315102 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817568064 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817620993 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817759037 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817831993 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.817991972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818131924 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818142891 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818154097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818178892 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818264961 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818274021 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818335056 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818380117 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818411112 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818490982 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818501949 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818510056 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818521976 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818598032 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818608046 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818648100 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818696022 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818778038 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818803072 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818839073 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818850040 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818890095 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818932056 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.818942070 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819061041 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819070101 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819078922 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819109917 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819119930 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819128036 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819257975 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819267035 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819276094 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819286108 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819359064 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819367886 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819376945 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819449902 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819459915 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819468021 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819482088 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819603920 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819613934 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819622040 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819631100 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819641113 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819648981 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.819705009 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.821084023 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.821173906 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.821173906 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.821202993 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941422939 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941440105 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941477060 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941488028 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941498041 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941513062 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941518068 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941538095 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941546917 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941546917 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941576958 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941596031 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941596985 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941605091 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941620111 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941628933 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941634893 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941660881 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941674948 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941675901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941684961 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941728115 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941750050 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941760063 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941797972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941801071 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941824913 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941873074 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941878080 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941888094 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941945076 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.941955090 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.942027092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:04.942038059 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061230898 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061249018 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061347961 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061357021 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061454058 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061464071 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061497927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061507940 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061629057 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061639071 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061743975 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061753988 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061791897 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061801910 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061903954 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.061916113 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062122107 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062131882 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062140942 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062150002 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062258959 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062268972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062277079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062285900 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062376976 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062386036 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062393904 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.062403917 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.182991028 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183012009 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183022022 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183032990 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183067083 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183077097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183087111 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183100939 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183125973 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183255911 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183265924 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183265924 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183274984 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183300972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183356047 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183372974 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183412075 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183464050 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183500051 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183643103 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183660030 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183729887 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183747053 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183757067 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183767080 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183804989 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183841944 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183857918 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183906078 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183967113 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.183976889 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307697058 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307712078 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307730913 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307740927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307749987 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307766914 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307776928 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307806015 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307854891 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307948112 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307960033 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.307990074 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308008909 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308186054 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308195114 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308243036 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308288097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308403015 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308548927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308624983 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308654070 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308670998 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308727026 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308820963 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308830976 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308919907 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308933973 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.308968067 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.309036970 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.309046984 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.309111118 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.309184074 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.309271097 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432549000 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432565928 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432579994 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432589054 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432596922 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432624102 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432634115 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432641029 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432749033 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432760000 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432769060 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432777882 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432909012 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432919025 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.432926893 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433134079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433145046 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433182955 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433192968 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433201075 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433211088 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433219910 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433289051 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433298111 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433306932 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433336020 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433345079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433353901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433367014 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433419943 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433429956 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.433459997 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553026915 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553045988 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553057909 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553081989 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553181887 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553193092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553273916 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553350925 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553360939 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553456068 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553466082 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553482056 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553531885 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553550005 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553670883 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553680897 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553770065 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553778887 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553786039 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553869009 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553877115 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553949118 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.553993940 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554069996 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554100990 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554138899 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554188013 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554333925 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554342985 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554410934 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554419994 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554461956 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554513931 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.554564953 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672409058 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672421932 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672456980 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672498941 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672566891 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672627926 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672755003 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672770977 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672811031 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672856092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672943115 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.672950983 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673032045 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673049927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673130035 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673140049 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673216105 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673224926 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673311949 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673358917 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673367977 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673378944 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673465967 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673475981 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673549891 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673559904 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673604965 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673614025 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673670053 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673679113 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673752069 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673760891 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.673873901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797410011 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797421932 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797434092 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797493935 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797627926 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797637939 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797642946 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797782898 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797818899 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797916889 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797960043 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.797996044 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798047066 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798135042 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798166990 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798264980 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798345089 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798422098 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798433065 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798563957 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798573017 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798625946 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798686981 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798738956 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798796892 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798907042 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798955917 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.798994064 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799011946 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799102068 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799148083 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799268007 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799277067 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799343109 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799354076 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.799391985 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923697948 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923712969 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923737049 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923746109 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923800945 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923810959 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923862934 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923871994 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923959017 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.923968077 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924007893 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924057961 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924115896 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924175978 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924185991 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924196959 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924330950 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924374104 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924385071 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924617052 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924626112 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924721956 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924731970 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924825907 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924834967 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924884081 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924892902 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.924909115 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925028086 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925038099 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925117970 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925127983 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925172091 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925209999 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925262928 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925271988 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:05.925302029 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050158024 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050172091 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050180912 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050189972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050201893 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050209999 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050236940 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050246954 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050357103 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.050367117 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242832899 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242846966 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242855072 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242863894 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242883921 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242893934 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242919922 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242933989 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242944002 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.242981911 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243033886 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243043900 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243102074 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243117094 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243128061 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243151903 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243205070 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243257046 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.243266106 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294723988 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294734955 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294745922 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294847965 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294857979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294943094 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.294956923 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295067072 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295170069 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295231104 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295239925 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295331001 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295340061 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295368910 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295377970 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295452118 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295466900 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295475960 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295485020 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295494080 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295502901 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295511961 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295528889 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295545101 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295614958 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295624971 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295676947 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295686960 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295759916 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295768976 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295798063 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295846939 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295887947 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.295957088 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296024084 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296041965 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296051979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296060085 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296084881 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296092033 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296093941 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296128988 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296138048 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296243906 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296268940 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296343088 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296351910 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296432972 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296442032 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296468973 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296477079 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296545029 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296554089 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296665907 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296681881 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296734095 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296773911 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296886921 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296896935 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.296952963 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.361871958 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414222956 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414331913 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414402008 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414482117 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414573908 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414583921 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414683104 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414781094 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.414824963 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415590048 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415601015 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415610075 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415688992 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415766001 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415779114 CET497306677192.168.2.466.63.187.209
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415798903 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415936947 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.415977001 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416059971 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416070938 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416177034 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416187048 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416258097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416268110 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416306973 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.416358948 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.481132030 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533365965 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533411980 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533626080 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533636093 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533835888 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533896923 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533926010 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533935070 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.533972979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.534986019 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.534996033 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535048008 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535058975 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535188913 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535198927 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535260916 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535270929 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535288095 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535342932 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535361052 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535370111 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535429001 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535445929 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535495996 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.535543919 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.602601051 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652648926 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652676105 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652693033 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652703047 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652734995 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652966022 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.652975082 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.653021097 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.653058052 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654321909 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654339075 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654417038 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654465914 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654474974 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654623985 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654633045 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654705048 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654714108 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654783010 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654792070 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654844999 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654853106 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654937029 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654953957 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.654999971 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.655008078 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.655205965 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.655215979 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.655224085 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:06.722780943 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:12.918123007 CET66774973066.63.187.209192.168.2.4
                                                                                                                                                                                                                                    Dec 8, 2024 17:52:12.930363894 CET497306677192.168.2.466.63.187.209

                                                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                                                    General

                                                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                                                    Start time:11:51:55
                                                                                                                                                                                                                                    Start date:08/12/2024
                                                                                                                                                                                                                                    Path:C:\Users\user\Desktop\gC0jV08bP3.exe
                                                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                                                    Commandline:"C:\Users\user\Desktop\gC0jV08bP3.exe"
                                                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                                                    File size:743'424 bytes
                                                                                                                                                                                                                                    MD5 hash:58ED282C74825B5B77132329D2A06868
                                                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000000.1657718776.0000000000242000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1873631303.0000000002614000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1873631303.000000000262D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                                                      Execution Coverage:12.9%
                                                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                      Signature Coverage:0%
                                                                                                                                                                                                                                      Total number of Nodes:9
                                                                                                                                                                                                                                      Total number of Limit Nodes:0
                                                                                                                                                                                                                                      execution_graph 17924 7ffd9ba1a571 17925 7ffd9ba1a58f ReadFile 17924->17925 17927 7ffd9ba1a68d 17925->17927 17928 7ffd9ba19a65 17929 7ffd9ba19a6f CreateFileA 17928->17929 17931 7ffd9ba19c42 17929->17931 17920 7ffd9ba32bfa 17921 7ffd9ba32cbf CreateCompatibleBitmap 17920->17921 17923 7ffd9ba32d5a 17921->17923

                                                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                                                      Function 00007FFD9BA1D535 Relevance: 3.2, Strings: 1, Instructions: 1925COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 0 7ffd9ba1d535-7ffd9ba1d5ae 1 7ffd9ba1d5b4-7ffd9ba1d5c6 0->1 2 7ffd9ba1d6bc-7ffd9ba1d765 0->2 1->2 4 7ffd9ba1d876-7ffd9ba1d93b 2->4 5 7ffd9ba1d76b-7ffd9ba1d77d 2->5 6 7ffd9ba1da20-7ffd9ba1da51 4->6 7 7ffd9ba1d941-7ffd9ba1da15 4->7 5->4 10 7ffd9ba1da5a-7ffd9ba1da94 6->10 7->6 12 7ffd9ba1da9d-7ffd9ba1db47 10->12 14 7ffd9ba1db4d-7ffd9ba1db5a 12->14 15 7ffd9ba1dc2c-7ffd9ba1dd23 12->15 19 7ffd9ba1db5f 14->19 26 7ffd9ba1dd2c-7ffd9ba1dd66 15->26 19->19 27 7ffd9ba1dd6c-7ffd9ba1de40 26->27 28 7ffd9ba1de4b-7ffd9ba1decd 26->28 27->28 31 7ffd9ba1ded3-7ffd9ba1dfa1 28->31 32 7ffd9ba1dfac-7ffd9ba1e01d 28->32 31->32 34 7ffd9ba1e102-7ffd9ba1e133 32->34 35 7ffd9ba1e023-7ffd9ba1e035 32->35 39 7ffd9ba1e13c-7ffd9ba1e16e 34->39 43 7ffd9ba1e177-7ffd9ba1e1b9 39->43 45 7ffd9ba1e1fa-7ffd9ba1e232 43->45 46 7ffd9ba1e1bb-7ffd9ba1e1f8 43->46 49 7ffd9ba1e239-7ffd9ba1e272 45->49 46->49 52 7ffd9ba1e27b-7ffd9ba1e299 49->52 53 7ffd9ba1e29f-7ffd9ba1e2aa 52->53 54 7ffd9ba1e347-7ffd9ba1e3b8 52->54 58 7ffd9ba1e2ed-7ffd9ba1e33c 53->58 59 7ffd9ba1e2ac-7ffd9ba1e2e7 53->59 64 7ffd9ba1f633-7ffd9ba1f656 54->64 58->54 59->58 69 7ffd9ba1e3bd-7ffd9ba1e410 64->69 70 7ffd9ba1f65c-7ffd9ba1f669 call 7ffd9ba1f723 64->70 76 7ffd9ba1e416-7ffd9ba1e50c 69->76 77 7ffd9ba1e517-7ffd9ba1e59d 69->77 81 7ffd9ba1f66b-7ffd9ba1f68e 70->81 76->77 85 7ffd9ba1e682-7ffd9ba1e738 77->85 86 7ffd9ba1e5a3-7ffd9ba1e5b0 77->86 87 7ffd9ba1d03d-7ffd9ba1d074 81->87 88 7ffd9ba1f694-7ffd9ba1f6c3 call 7ffd9ba1f7b1 81->88 107 7ffd9ba1e73e-7ffd9ba1e74f 85->107 108 7ffd9ba1e7e6-7ffd9ba1e83b 85->108 86->85 95 7ffd9ba1d07a-7ffd9ba1d08d 87->95 96 7ffd9ba1d1dc-7ffd9ba1d223 87->96 110 7ffd9ba1f6c9-7ffd9ba1f6f4 call 7ffd9ba1f811 88->110 111 7ffd9ba1cd7b-7ffd9ba1cdb2 88->111 95->96 99 7ffd9ba1d32a-7ffd9ba1d3be 96->99 100 7ffd9ba1d229-7ffd9ba1d23b 96->100 117 7ffd9ba1d4f0-7ffd9ba1d530 99->117 118 7ffd9ba1d3c4-7ffd9ba1d4e5 99->118 100->99 107->108 114 7ffd9ba1e99e-7ffd9ba1ea0f 108->114 115 7ffd9ba1e841-7ffd9ba1e98a 108->115 131 7ffd9ba1ce60-7ffd9ba1cea7 111->131 132 7ffd9ba1cdb8-7ffd9ba1cdca 111->132 120 7ffd9ba1eaf4-7ffd9ba1eb81 114->120 121 7ffd9ba1ea15-7ffd9ba1ea27 114->121 115->114 117->81 118->117 129 7ffd9ba1ec66-7ffd9ba1ed4d 120->129 130 7ffd9ba1eb87-7ffd9ba1eb99 120->130 121->120 155 7ffd9ba1ee5e-7ffd9ba1eef9 129->155 156 7ffd9ba1ed53-7ffd9ba1ed65 129->156 130->129 136 7ffd9ba1cead-7ffd9ba1ceba 131->136 137 7ffd9ba1cf8c-7ffd9ba1cfbd 131->137 132->131 147 7ffd9ba1cebe-7ffd9ba1cebf 136->147 145 7ffd9ba1cfc6-7ffd9ba1d038 137->145 145->81 147->147 151 7ffd9ba1cec0 147->151 151->137 158 7ffd9ba1eeff-7ffd9ba1ef11 155->158 159 7ffd9ba1f02b-7ffd9ba1f121 155->159 156->155 158->159 168 7ffd9ba1f200-7ffd9ba1f39e call 7ffd9ba1adb0 159->168 169 7ffd9ba1f127-7ffd9ba1f1f5 159->169 196 7ffd9ba1f3a4-7ffd9ba1f41e 168->196 197 7ffd9ba1f43a-7ffd9ba1f48f 168->197 169->168 196->197 199 7ffd9ba1f562-7ffd9ba1f631 197->199 200 7ffd9ba1f495-7ffd9ba1f557 197->200 199->64 200->199
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: S
                                                                                                                                                                                                                                      • API String ID: 0-543223747
                                                                                                                                                                                                                                      • Opcode ID: 92ad5ba0841bd1554e510969d39e6bad59da3dfb5db27adbd091f9debb559227
                                                                                                                                                                                                                                      • Instruction ID: 21a5aecc5ce3749fd6b2d696959cbdcec3bf1e039ae75b3fd79671dba9207225
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92ad5ba0841bd1554e510969d39e6bad59da3dfb5db27adbd091f9debb559227
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FF28770A1996D8FDFE8EF18C895BA9B7F1FB68305F1141EA900DE3251CA756A81CF40
                                                                                                                                                                                                                                      Function 00007FFD9BA2F7F8 Relevance: 2.8, Strings: 1, Instructions: 1564COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 220 7ffd9ba2f7f8-7ffd9ba2f834 224 7ffd9ba2f837-7ffd9ba2f83c 220->224 224->224 225 7ffd9ba2f83e-7ffd9ba2f844 224->225 227 7ffd9ba2f847-7ffd9ba2f84c 225->227 227->227 228 7ffd9ba2f84e-7ffd9ba2f8d9 227->228 238 7ffd9ba2f926-7ffd9ba2faa0 228->238 239 7ffd9ba2f8db-7ffd9ba2f8f9 228->239 270 7ffd9ba2faa2-7ffd9ba2fae6 238->270 271 7ffd9ba2fac7-7ffd9ba2fae6 238->271 239->238 274 7ffd9ba2faed-7ffd9ba2fb6e 270->274 271->274 282 7ffd9ba2fb70-7ffd9ba2fb88 274->282 283 7ffd9ba2fb89-7ffd9ba2fb9e 274->283 285 7ffd9ba2fba4-7ffd9ba2fbaa 283->285 286 7ffd9ba306e6-7ffd9ba306fb 283->286 287 7ffd9ba2fbb1-7ffd9ba2fbb3 285->287 288 7ffd9ba2fc81-7ffd9ba2fc96 287->288 289 7ffd9ba2fbb9-7ffd9ba2fbbc 287->289 293 7ffd9ba2fca8-7ffd9ba2fcab 288->293 294 7ffd9ba2fc98-7ffd9ba2fca2 288->294 289->286 290 7ffd9ba2fbc2-7ffd9ba2fc60 289->290 290->286 331 7ffd9ba2fc66-7ffd9ba2fc7c 290->331 293->286 295 7ffd9ba2fcb1-7ffd9ba2fd48 293->295 294->293 300 7ffd9ba2fd69-7ffd9ba2fd73 294->300 295->286 347 7ffd9ba2fd4e-7ffd9ba2fd64 295->347 305 7ffd9ba2fd75-7ffd9ba2fd78 300->305 306 7ffd9ba2fd96-7ffd9ba2fda5 300->306 305->286 308 7ffd9ba2fd7e-7ffd9ba2fd91 305->308 310 7ffd9ba2ff04-7ffd9ba2ff5c 306->310 311 7ffd9ba2fdab-7ffd9ba2fdb5 306->311 308->286 325 7ffd9ba301b1-7ffd9ba301b8 310->325 326 7ffd9ba2ff62-7ffd9ba2ff9e 310->326 311->310 319 7ffd9ba2fdbb-7ffd9ba2fdbe 311->319 322 7ffd9ba2fefe-7ffd9ba2feff 319->322 323 7ffd9ba2fdc4-7ffd9ba2fee6 319->323 322->310 323->322 446 7ffd9ba2fee8-7ffd9ba2fef9 323->446 330 7ffd9ba30473-7ffd9ba3047e 325->330 345 7ffd9ba2ffa0-7ffd9ba2ffb5 326->345 346 7ffd9ba2fffc-7ffd9ba30016 326->346 332 7ffd9ba301bd-7ffd9ba301c4 330->332 333 7ffd9ba30484-7ffd9ba30490 330->333 331->286 341 7ffd9ba30714-7ffd9ba3074b 332->341 342 7ffd9ba301ca-7ffd9ba301f1 332->342 339 7ffd9ba3049e-7ffd9ba304a9 333->339 340 7ffd9ba30492-7ffd9ba3049c 333->340 344 7ffd9ba306fc-7ffd9ba30713 339->344 340->339 363 7ffd9ba304ae-7ffd9ba304b8 340->363 368 7ffd9ba3074d-7ffd9ba30754 341->368 369 7ffd9ba30755-7ffd9ba30759 341->369 356 7ffd9ba301f7-7ffd9ba301fa 342->356 357 7ffd9ba30468-7ffd9ba30471 342->357 345->346 358 7ffd9ba2ffb7-7ffd9ba2ffc9 345->358 351 7ffd9ba30175-7ffd9ba30181 346->351 352 7ffd9ba3001c-7ffd9ba3001f 346->352 347->286 351->325 360 7ffd9ba30183-7ffd9ba3018b 351->360 361 7ffd9ba3016f-7ffd9ba30170 352->361 362 7ffd9ba30025-7ffd9ba30157 352->362 364 7ffd9ba30200-7ffd9ba3020a 356->364 365 7ffd9ba30462-7ffd9ba30463 356->365 357->330 358->346 366 7ffd9ba2ffcb-7ffd9ba2ffcf 358->366 360->341 370 7ffd9ba30191-7ffd9ba301a3 360->370 361->351 362->361 461 7ffd9ba30159-7ffd9ba3016a 362->461 378 7ffd9ba304be-7ffd9ba3051b 363->378 379 7ffd9ba30574-7ffd9ba30589 363->379 385 7ffd9ba30217-7ffd9ba3022f 364->385 386 7ffd9ba3020c-7ffd9ba30212 364->386 365->357 366->341 373 7ffd9ba2ffd5-7ffd9ba2fff5 366->373 375 7ffd9ba30771-7ffd9ba30775 369->375 376 7ffd9ba3075b-7ffd9ba30768 369->376 370->325 390 7ffd9ba301a5-7ffd9ba301aa 370->390 373->346 382 7ffd9ba30781-7ffd9ba30788 375->382 383 7ffd9ba30777-7ffd9ba30780 375->383 376->375 396 7ffd9ba3076a-7ffd9ba3076d 376->396 378->341 421 7ffd9ba30521-7ffd9ba30540 378->421 397 7ffd9ba3058b-7ffd9ba3059a 379->397 398 7ffd9ba305ac-7ffd9ba305af 379->398 401 7ffd9ba302a1-7ffd9ba302b6 385->401 402 7ffd9ba30231-7ffd9ba3025a 385->402 393 7ffd9ba302ca-7ffd9ba303ba 386->393 390->325 463 7ffd9ba303dd-7ffd9ba3044a 393->463 464 7ffd9ba303bc-7ffd9ba303dc 393->464 396->375 397->398 404 7ffd9ba3059c-7ffd9ba305a7 397->404 398->286 399 7ffd9ba305b5-7ffd9ba306b7 398->399 474 7ffd9ba306e3-7ffd9ba306e5 399->474 475 7ffd9ba306b9-7ffd9ba306ce 399->475 411 7ffd9ba302c2-7ffd9ba302c8 401->411 412 7ffd9ba302b8-7ffd9ba302c0 401->412 402->401 425 7ffd9ba3025c-7ffd9ba30272 402->425 404->344 411->393 412->393 421->379 436 7ffd9ba3028d-7ffd9ba30295 425->436 437 7ffd9ba30274-7ffd9ba3028b 425->437 436->393 437->436 438 7ffd9ba30297-7ffd9ba3029f 437->438 438->393 446->322 461->361 463->365 478 7ffd9ba3044c-7ffd9ba3045d 463->478 464->463 474->286 475->286 479 7ffd9ba306d0-7ffd9ba306e1 475->479 478->365 479->474
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: _
                                                                                                                                                                                                                                      • API String ID: 0-701932520
                                                                                                                                                                                                                                      • Opcode ID: ef66a416bbb383409303adc63d9d65dcfb05905cf047bca6deac50140ea8a80f
                                                                                                                                                                                                                                      • Instruction ID: ce7d1bf6b7cd4ba67811d49560d80b4c4506336d007e063af2eb4d47f537ae67
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef66a416bbb383409303adc63d9d65dcfb05905cf047bca6deac50140ea8a80f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07B23632B0DB8A4FE7A8DB6890A56E977D1EF94304F1540BAD08DC72E3DE35A9428741
                                                                                                                                                                                                                                      Function 00007FFD9BA298A9 Relevance: 2.2, Strings: 1, Instructions: 958COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 482 7ffd9ba298a9-7ffd9ba298af 483 7ffd9ba298f1-7ffd9ba29906 482->483 484 7ffd9ba298b1-7ffd9ba298b7 482->484 485 7ffd9ba2990d-7ffd9ba29910 483->485 484->483 486 7ffd9ba29ed2-7ffd9ba29ee4 485->486 487 7ffd9ba29916-7ffd9ba29936 485->487 489 7ffd9ba29980-7ffd9ba29985 487->489 490 7ffd9ba29938-7ffd9ba29946 487->490 492 7ffd9ba2998c-7ffd9ba299e7 489->492 490->489 493 7ffd9ba29948-7ffd9ba2994c 490->493 502 7ffd9ba29a23-7ffd9ba29a3c 492->502 503 7ffd9ba299e9-7ffd9ba299fa 492->503 493->486 495 7ffd9ba29952-7ffd9ba29956 493->495 496 7ffd9ba29f6c-7ffd9ba29f81 495->496 497 7ffd9ba2995c-7ffd9ba2997b 495->497 497->496 512 7ffd9ba29f9f-7ffd9ba29fb3 502->512 513 7ffd9ba29a42-7ffd9ba29a43 502->513 506 7ffd9ba29a44-7ffd9ba29a5b 503->506 507 7ffd9ba299fc-7ffd9ba29a02 503->507 517 7ffd9ba29a5c-7ffd9ba29a5d 506->517 508 7ffd9ba29a08-7ffd9ba29a13 507->508 509 7ffd9ba29f96-7ffd9ba29f9e 507->509 518 7ffd9ba29a17-7ffd9ba29a21 508->518 509->512 522 7ffd9ba29fbe-7ffd9ba29fed 512->522 523 7ffd9ba29fb5-7ffd9ba29fbd 512->523 513->506 517->518 520 7ffd9ba29a5f-7ffd9ba29a60 517->520 518->517 524 7ffd9ba29a61-7ffd9ba29a7e 520->524 525 7ffd9ba29cac-7ffd9ba29caf 520->525 530 7ffd9ba29ff3-7ffd9ba29ffb 522->530 531 7ffd9ba2a128-7ffd9ba2a160 522->531 523->522 532 7ffd9ba29b6d-7ffd9ba29b79 524->532 533 7ffd9ba29a84-7ffd9ba29a88 524->533 527 7ffd9ba29d38-7ffd9ba29d3c 525->527 528 7ffd9ba29cb5-7ffd9ba29cea 525->528 527->496 534 7ffd9ba29d42-7ffd9ba29e5d 527->534 528->527 545 7ffd9ba29cec-7ffd9ba29cf0 528->545 535 7ffd9ba29ffd-7ffd9ba2a011 530->535 536 7ffd9ba2a065-7ffd9ba2a06d 530->536 563 7ffd9ba2a162-7ffd9ba2a16a 531->563 564 7ffd9ba2a16b-7ffd9ba2a198 531->564 537 7ffd9ba29bc0-7ffd9ba29bc4 532->537 538 7ffd9ba29b7b-7ffd9ba29bba 532->538 533->496 541 7ffd9ba29a8e-7ffd9ba29a99 533->541 618 7ffd9ba29e5f-7ffd9ba29e95 534->618 619 7ffd9ba29e97-7ffd9ba29eca 534->619 535->531 544 7ffd9ba2a017-7ffd9ba2a044 535->544 536->531 543 7ffd9ba2a073-7ffd9ba2a07d 536->543 537->496 547 7ffd9ba29bca-7ffd9ba29bd2 537->547 538->537 562 7ffd9ba29c60-7ffd9ba29c64 538->562 567 7ffd9ba29b02-7ffd9ba29b68 541->567 568 7ffd9ba29a9b-7ffd9ba29ab6 541->568 548 7ffd9ba2a07f-7ffd9ba2a084 543->548 549 7ffd9ba2a0e6-7ffd9ba2a127 543->549 570 7ffd9ba2a046-7ffd9ba2a049 544->570 571 7ffd9ba2a04b-7ffd9ba2a056 544->571 545->486 552 7ffd9ba29cf6-7ffd9ba29d33 545->552 554 7ffd9ba29bd4-7ffd9ba29bd6 547->554 555 7ffd9ba29bd8-7ffd9ba29be2 547->555 559 7ffd9ba2a086-7ffd9ba2a0d2 548->559 560 7ffd9ba2a0d9-7ffd9ba2a0e5 548->560 549->531 582 7ffd9ba29f82-7ffd9ba29f95 552->582 565 7ffd9ba29be4-7ffd9ba29be7 554->565 555->565 559->560 562->486 578 7ffd9ba29c6a-7ffd9ba29ca7 562->578 576 7ffd9ba29bf1-7ffd9ba29bf7 565->576 577 7ffd9ba29be9-7ffd9ba29bee 565->577 567->496 568->513 585 7ffd9ba29ab8-7ffd9ba29afd 568->585 581 7ffd9ba2a058-7ffd9ba2a05b 570->581 571->581 583 7ffd9ba29c27-7ffd9ba29c2a 576->583 584 7ffd9ba29bf9-7ffd9ba29c25 576->584 577->576 578->582 581->536 590 7ffd9ba29c4e-7ffd9ba29c5b 583->590 591 7ffd9ba29c2c-7ffd9ba29c4b 583->591 584->583 585->496 590->496 591->590 622 7ffd9ba29ecd-7ffd9ba29ed0 618->622 619->622 622->486 623 7ffd9ba29ee5-7ffd9ba29f0a 622->623 625 7ffd9ba29f4d-7ffd9ba29f65 623->625 626 7ffd9ba29f0c-7ffd9ba29f4c 623->626 625->496 626->625
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                                                      • API String ID: 0-2852464175
                                                                                                                                                                                                                                      • Opcode ID: 7a5c7a9507a5a2d8b843c4be3c3a3774bed85247a568b9ea3464cab14cffb797
                                                                                                                                                                                                                                      • Instruction ID: 3c25536fbded09748da223bd0c14f72cebcffa12aa74438537538f9e81463f94
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a5c7a9507a5a2d8b843c4be3c3a3774bed85247a568b9ea3464cab14cffb797
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC62D230A19B498FDBA8DB69C4A5AA5B3E1FF98300B15457DD08EC76A2DE34F846C740
                                                                                                                                                                                                                                      Function 00007FFD9B8CC45D Relevance: 2.1, Strings: 1, Instructions: 823COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 632 7ffd9b8cc45d-7ffd9b8cc469 633 7ffd9b8cc46b-7ffd9b8cc470 632->633 634 7ffd9b8cc471-7ffd9b8cc493 632->634 633->634 635 7ffd9b8cc494-7ffd9b8cc4c8 634->635 637 7ffd9b8cc4ca-7ffd9b8cc4ef 635->637 638 7ffd9b8cc509-7ffd9b8cc52a 637->638 639 7ffd9b8cc4f1-7ffd9b8cc507 637->639 643 7ffd9b8cc52c-7ffd9b8cc55c 638->643 644 7ffd9b8cc55f 638->644 639->638 643->644 646 7ffd9b8cc565-7ffd9b8cc5b6 644->646 647 7ffd9b8ccabd-7ffd9b8ccad6 644->647 646->647 660 7ffd9b8cc5bc-7ffd9b8cc5d4 646->660 653 7ffd9b8ccad8-7ffd9b8ccaf8 647->653 653->653 655 7ffd9b8ccafa-7ffd9b8ccb0d 653->655 660->647 662 7ffd9b8cc5da-7ffd9b8cc622 660->662 669 7ffd9b8cc65b-7ffd9b8cc6a0 662->669 670 7ffd9b8cc624-7ffd9b8cc659 662->670 676 7ffd9b8cc6a7-7ffd9b8cc6bc 669->676 670->676 676->647 678 7ffd9b8cc6c2-7ffd9b8cc70a 676->678 685 7ffd9b8cc70c-7ffd9b8cc717 678->685 686 7ffd9b8cc743-7ffd9b8cc774 678->686 688 7ffd9b8cc719-7ffd9b8cc741 685->688 689 7ffd9b8cc776-7ffd9b8cc788 685->689 686->689 692 7ffd9b8cc78f-7ffd9b8cc7a4 688->692 689->692 692->647 696 7ffd9b8cc7aa-7ffd9b8cc7f2 692->696 702 7ffd9b8cc82b-7ffd9b8cc870 696->702 703 7ffd9b8cc7f4-7ffd9b8cc829 696->703 709 7ffd9b8cc877-7ffd9b8cc88c 702->709 703->709 709->647 711 7ffd9b8cc892-7ffd9b8cc8da 709->711 718 7ffd9b8cc8dc-7ffd9b8cc911 711->718 719 7ffd9b8cc913-7ffd9b8cc958 711->719 724 7ffd9b8cc95f-7ffd9b8cc974 718->724 719->724 724->647 727 7ffd9b8cc97a-7ffd9b8cc9c2 724->727 734 7ffd9b8cc9fb-7ffd9b8cca11 727->734 735 7ffd9b8cc9c4-7ffd9b8cc9f9 727->735 740 7ffd9b8cca13-7ffd9b8cca40 734->740 741 7ffd9b8cca6d-7ffd9b8cca95 734->741 744 7ffd9b8cca47-7ffd9b8cca6b 735->744 740->744 741->647 749 7ffd9b8cca97-7ffd9b8ccabc 741->749 744->741
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: ZJ_H
                                                                                                                                                                                                                                      • API String ID: 0-3185422581
                                                                                                                                                                                                                                      • Opcode ID: 8cae4c0c71919c8dda3d3c681d248f50e5c040be3ecba3cba144324cb7edf822
                                                                                                                                                                                                                                      • Instruction ID: b931c1975e1cf8adf8f186bff4c8887555eb37817aa1782aacea7014dd7ce09c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8cae4c0c71919c8dda3d3c681d248f50e5c040be3ecba3cba144324cb7edf822
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A732C4B1B1EA494FD7A4EB2C84696787BE1FF59700B0501FED44EC71A7DE24AC418781
                                                                                                                                                                                                                                      Function 00007FFD9BA16035 Relevance: 2.0, Strings: 1, Instructions: 779COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 752 7ffd9ba16035-7ffd9ba1606e 756 7ffd9ba16070 752->756 757 7ffd9ba16075-7ffd9ba160ea 752->757 756->757 761 7ffd9ba160f1-7ffd9ba16113 757->761 762 7ffd9ba160ec 757->762 763 7ffd9ba16115-7ffd9ba16125 761->763 764 7ffd9ba1614b-7ffd9ba1618f 761->764 762->761 765 7ffd9ba16127 763->765 766 7ffd9ba1612c-7ffd9ba16148 763->766 770 7ffd9ba166dd-7ffd9ba16772 call 7ffd9ba130a8 764->770 771 7ffd9ba16195-7ffd9ba161b1 764->771 765->766 766->764 792 7ffd9ba16b78-7ffd9ba16b9b 770->792 775 7ffd9ba161b4-7ffd9ba161c1 771->775 776 7ffd9ba16bb0-7ffd9ba16bd6 775->776 777 7ffd9ba161c7-7ffd9ba161d5 775->777 786 7ffd9ba15e69-7ffd9ba15e9f 776->786 787 7ffd9ba16bdc-7ffd9ba16c07 call 7ffd9ba16d74 776->787 778 7ffd9ba161d7 777->778 779 7ffd9ba161dc-7ffd9ba16285 call 7ffd9ba130a8 777->779 778->779 814 7ffd9ba16691-7ffd9ba166ba 779->814 786->787 793 7ffd9ba15ea5-7ffd9ba15efc 786->793 800 7ffd9ba16ba1-7ffd9ba16bae call 7ffd9ba16c36 792->800 801 7ffd9ba16777-7ffd9ba167b0 792->801 817 7ffd9ba15efe 793->817 818 7ffd9ba15f03-7ffd9ba15f70 793->818 800->776 812 7ffd9ba167b2-7ffd9ba167f3 801->812 813 7ffd9ba1681a-7ffd9ba1682b 801->813 832 7ffd9ba1682d-7ffd9ba1682f 812->832 833 7ffd9ba167f5-7ffd9ba16815 812->833 825 7ffd9ba16835-7ffd9ba1683c 813->825 819 7ffd9ba166c0-7ffd9ba166d8 call 7ffd9ba16cd5 814->819 820 7ffd9ba1628a-7ffd9ba162ca 814->820 817->818 842 7ffd9ba15f72-7ffd9ba15f77 818->842 843 7ffd9ba15f79-7ffd9ba15f8a 818->843 819->775 820->814 829 7ffd9ba16842-7ffd9ba168c1 825->829 830 7ffd9ba16b75-7ffd9ba16b76 825->830 854 7ffd9ba168c3 829->854 855 7ffd9ba168c8-7ffd9ba168e2 829->855 830->792 832->825 833->832 839 7ffd9ba16817-7ffd9ba16818 833->839 839->813 845 7ffd9ba15f8d-7ffd9ba15f91 842->845 843->845 845->776 847 7ffd9ba15f97-7ffd9ba15fa4 845->847 849 7ffd9ba15fa6 847->849 850 7ffd9ba15fab-7ffd9ba16015 call 7ffd9ba13080 847->850 849->850 860 7ffd9ba16017 850->860 861 7ffd9ba1601c-7ffd9ba16034 850->861 854->855 857 7ffd9ba168e4 855->857 858 7ffd9ba168e9-7ffd9ba16958 855->858 857->858 866 7ffd9ba1695a-7ffd9ba1696f 858->866 860->861 861->752 867 7ffd9ba1697a-7ffd9ba1699e 866->867 868 7ffd9ba169a0-7ffd9ba169ab 867->868 869 7ffd9ba169f1-7ffd9ba16a16 867->869 868->869 870 7ffd9ba169ad-7ffd9ba169d9 868->870 871 7ffd9ba16a1c-7ffd9ba16b72 call 7ffd9ba130d0 869->871 872 7ffd9ba169e0-7ffd9ba169ef 870->872 873 7ffd9ba169db 870->873 871->830 872->871 873->872
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: @B/
                                                                                                                                                                                                                                      • API String ID: 0-3863299084
                                                                                                                                                                                                                                      • Opcode ID: 56c47284f45dad943086241025df3de8c1e83655c4c9ddf2c2c9ada1d865ee50
                                                                                                                                                                                                                                      • Instruction ID: c7a8dae2079dd8b170a7ffd356c2991095fdc86846827bff3f953e6c01593871
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 56c47284f45dad943086241025df3de8c1e83655c4c9ddf2c2c9ada1d865ee50
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4562EA70E1991D8FDBA9EB58C8A5BA8B7B1FF58300F5141E9D01DE32A1DE756A80CF40
                                                                                                                                                                                                                                      Function 00007FFD9BA26FA1 Relevance: 1.7, Instructions: 1744COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6957da82a15b0c6b6cd58843571f70b2b3ec572c582cef5d357e0adea20baf9d
                                                                                                                                                                                                                                      • Instruction ID: 243f5df8cbffd38ac445e73d0f8214c456bf98742edcee49b3acfa1198717290
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6957da82a15b0c6b6cd58843571f70b2b3ec572c582cef5d357e0adea20baf9d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEC21631B1EE4A4FD7A8EB2884615B577D1FF99310B0502BED44EC76E6DE25BE028780
                                                                                                                                                                                                                                      Function 00007FFD9BA1CBC9 Relevance: 1.7, Strings: 1, Instructions: 492COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1337 7ffd9ba1cbc9-7ffd9ba1cc1a 1339 7ffd9ba1cc21-7ffd9ba1cc5a 1337->1339 1340 7ffd9ba1cc1c 1337->1340 1343 7ffd9ba1cc60-7ffd9ba1cca3 1339->1343 1344 7ffd9ba1cd08-7ffd9ba1cd36 1339->1344 1340->1339 1343->1344 1346 7ffd9ba1cd3f-7ffd9ba1cd76 1344->1346 1350 7ffd9ba1f6a0-7ffd9ba1f6c3 1346->1350 1352 7ffd9ba1f6c9-7ffd9ba1f6f4 call 7ffd9ba1f811 1350->1352 1353 7ffd9ba1cd7b-7ffd9ba1cdb2 1350->1353 1357 7ffd9ba1ce60-7ffd9ba1cea7 1353->1357 1358 7ffd9ba1cdb8-7ffd9ba1cdca 1353->1358 1361 7ffd9ba1cead-7ffd9ba1ceba 1357->1361 1362 7ffd9ba1cf8c-7ffd9ba1cfbd 1357->1362 1358->1357 1366 7ffd9ba1cebe-7ffd9ba1cebf 1361->1366 1365 7ffd9ba1cfc6-7ffd9ba1d038 1362->1365 1370 7ffd9ba1f66b-7ffd9ba1f68e 1365->1370 1366->1366 1367 7ffd9ba1cec0 1366->1367 1367->1362 1372 7ffd9ba1d03d-7ffd9ba1d074 1370->1372 1373 7ffd9ba1f694-7ffd9ba1f69f call 7ffd9ba1f7b1 1370->1373 1376 7ffd9ba1d07a-7ffd9ba1d08d 1372->1376 1377 7ffd9ba1d1dc-7ffd9ba1d223 1372->1377 1373->1350 1376->1377 1380 7ffd9ba1d32a-7ffd9ba1d3be 1377->1380 1381 7ffd9ba1d229-7ffd9ba1d23b 1377->1381 1386 7ffd9ba1d4f0-7ffd9ba1d530 1380->1386 1387 7ffd9ba1d3c4-7ffd9ba1d4e5 1380->1387 1381->1380 1386->1370 1387->1386
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: P5_H
                                                                                                                                                                                                                                      • API String ID: 0-2379055100
                                                                                                                                                                                                                                      • Opcode ID: aea826bf1cb3697f7389f729f1e5e2875352ed1e7fe4458cf05358eb896714c3
                                                                                                                                                                                                                                      • Instruction ID: 052e69024993fc8f8a3b5ce6fb95baae6bc473e2fc71ad78007a496ea3fd9506
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: aea826bf1cb3697f7389f729f1e5e2875352ed1e7fe4458cf05358eb896714c3
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B602ED71A0995D8FDFE9DF1888A5BA877B1FB68304F1111EAD00DE32A1DA756A81CF40
                                                                                                                                                                                                                                      Function 00007FFD9BA2044D Relevance: 1.0, Instructions: 1029COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 8a9e980f1913ea7b1b4f9d259d145dba2ca191be3dd6cd7e894507b47db2e97a
                                                                                                                                                                                                                                      • Instruction ID: 001e6ae33d63943089428656fb19ac0156a7ee0926ee6c588e6daea9679c7bb8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a9e980f1913ea7b1b4f9d259d145dba2ca191be3dd6cd7e894507b47db2e97a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9962B330B19E094FEB68EB6CD465A7973D2FF98700F5501B9E44EC72A2DE24EC428785
                                                                                                                                                                                                                                      Function 00007FFD9B8C16B3 Relevance: 1.0, Instructions: 988COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5a312c373698f8773a7212c8d963c36078ab39ca2ccdfe1ef8e907055dc88cf8
                                                                                                                                                                                                                                      • Instruction ID: 5cb041df87bddda7308a47c542bcab211250364f33776efbaa41e1034a4b31c1
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a312c373698f8773a7212c8d963c36078ab39ca2ccdfe1ef8e907055dc88cf8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2652E560B0DA4D4FE7A9FB6C94A4A7477D1EF99310B0502BBD05EC72E7DD24AC428781
                                                                                                                                                                                                                                      Function 00007FFD9BA18AC7 Relevance: .8, Instructions: 850COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f3e37e2060a7d9e171bceb67c096810c1f90ce06bcc8d19fa8c95c8aa54deb5c
                                                                                                                                                                                                                                      • Instruction ID: 8aead1006f017424552329cef264c87264980d5377be14b807046e9507f5cd20
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3e37e2060a7d9e171bceb67c096810c1f90ce06bcc8d19fa8c95c8aa54deb5c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CD72F770A1995D8FDBA4EF58C8A9BA8B7B1FF58300F5041E9D00DE32A5DE746A81CF41
                                                                                                                                                                                                                                      Function 00007FFD9BA21298 Relevance: .7, Instructions: 678COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4a1c1d84ef339c616564165b59fa837ab9782025e600e31ce536734eabafa619
                                                                                                                                                                                                                                      • Instruction ID: fee0228cae3b66da69b5186c405ed2e86ebe6a23d055c13c1731e7d38829e785
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a1c1d84ef339c616564165b59fa837ab9782025e600e31ce536734eabafa619
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AA327670B19A4D8FEFA8DB58C4A5BA877E2FFA8300F1541B9D04DC7291DE75A981CB40
                                                                                                                                                                                                                                      Function 00007FFD9BA19A65 Relevance: 1.8, APIs: 1, Instructions: 258fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1031 7ffd9ba19a65-7ffd9ba19a6d 1032 7ffd9ba19a70-7ffd9ba19b0f 1031->1032 1033 7ffd9ba19a6f 1031->1033 1036 7ffd9ba19b6d-7ffd9ba19bc5 1032->1036 1037 7ffd9ba19b11-7ffd9ba19b20 1032->1037 1033->1032 1045 7ffd9ba19bc7-7ffd9ba19be7 1036->1045 1046 7ffd9ba19beb-7ffd9ba19c40 CreateFileA 1036->1046 1037->1036 1038 7ffd9ba19b22-7ffd9ba19b25 1037->1038 1040 7ffd9ba19b5f-7ffd9ba19b67 1038->1040 1041 7ffd9ba19b27-7ffd9ba19b3a 1038->1041 1040->1036 1043 7ffd9ba19b3e-7ffd9ba19b51 1041->1043 1044 7ffd9ba19b3c 1041->1044 1043->1043 1047 7ffd9ba19b53-7ffd9ba19b5b 1043->1047 1044->1043 1045->1046 1048 7ffd9ba19c42 1046->1048 1049 7ffd9ba19c48-7ffd9ba19c8c call 7ffd9ba19ca8 1046->1049 1047->1040 1048->1049 1053 7ffd9ba19c8e 1049->1053 1054 7ffd9ba19c93-7ffd9ba19ca7 1049->1054 1053->1054
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                                                      • Opcode ID: 33ac84db377406de438ff703dbce1ad698b3743e369cd37f248ab8dd21787a97
                                                                                                                                                                                                                                      • Instruction ID: 9598102ace602a219ea8193277d53ecdbb197da5ce9c793c8ff58091fe7aa2c7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33ac84db377406de438ff703dbce1ad698b3743e369cd37f248ab8dd21787a97
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C81C73061CB8C4FDB68EF68C8557E97BE0FF59310F15426AE84DC7252CA75A941CB82
                                                                                                                                                                                                                                      Function 00007FFD9BA32BFA Relevance: 1.7, APIs: 1, Instructions: 223windowCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1399 7ffd9ba32bfa-7ffd9ba32d58 CreateCompatibleBitmap 1404 7ffd9ba32d60-7ffd9ba32d88 1399->1404 1405 7ffd9ba32d5a 1399->1405 1405->1404
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: BitmapCompatibleCreate
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 1901715728-0
                                                                                                                                                                                                                                      • Opcode ID: 7181136d52043eb6e901df4d0ba6c7fbf2e3af19fa1b61586042dac7f830f274
                                                                                                                                                                                                                                      • Instruction ID: 78f1d771c6e7dbbd8ea32d411152847bf18058e570495db14df166b02d1bfd0c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7181136d52043eb6e901df4d0ba6c7fbf2e3af19fa1b61586042dac7f830f274
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41619D3148E3C51FC3068BA48C25AD67FF9DF8B22070942EBE085CB5A3C55E594BC7A1
                                                                                                                                                                                                                                      Function 00007FFD9BA1A571 Relevance: 1.7, APIs: 1, Instructions: 166fileCOMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1407 7ffd9ba1a571-7ffd9ba1a623 1412 7ffd9ba1a62d-7ffd9ba1a68b ReadFile 1407->1412 1413 7ffd9ba1a625-7ffd9ba1a62a 1407->1413 1415 7ffd9ba1a68d 1412->1415 1416 7ffd9ba1a693-7ffd9ba1a6db call 7ffd9ba1a6dc 1412->1416 1413->1412 1415->1416
                                                                                                                                                                                                                                      APIs
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID: FileRead
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 2738559852-0
                                                                                                                                                                                                                                      • Opcode ID: b1b1d156cb43177e0b180e46548d08533db9689fcba5e641eda42aedf2851437
                                                                                                                                                                                                                                      • Instruction ID: 43b60bc009c1dfc4456a77451360dbb589faba2bbcdb40a07aba9c832898963c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b1b1d156cb43177e0b180e46548d08533db9689fcba5e641eda42aedf2851437
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: F441B271A08B1C4FDB98EF98D8456EDBBE1FB99310F00426AD04DD7296CA74A945CBC2
                                                                                                                                                                                                                                      Function 00007FFD9B8CC001 Relevance: 1.5, Strings: 1, Instructions: 275COMMON
                                                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                                                      control_flow_graph 1811 7ffd9b8cc001-7ffd9b8cc04b 1812 7ffd9b8cc065-7ffd9b8cc0bb 1811->1812 1813 7ffd9b8cc04d-7ffd9b8cc063 1811->1813 1821 7ffd9b8cc0c1-7ffd9b8cc112 1812->1821 1822 7ffd9b8cc20f-7ffd9b8cc25d 1812->1822 1813->1812 1821->1822 1830 7ffd9b8cc118-7ffd9b8cc130 1821->1830 1830->1822 1832 7ffd9b8cc136-7ffd9b8cc1eb 1830->1832 1843 7ffd9b8cc1f1-7ffd9b8cc20e 1832->1843
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: |?_H
                                                                                                                                                                                                                                      • API String ID: 0-1790896812
                                                                                                                                                                                                                                      • Opcode ID: 3bf892618654cdce11bc0f0122f1274f9d98dfa4a5e7d3cf0e49b393b73e6173
                                                                                                                                                                                                                                      • Instruction ID: 39eab01f693fddafe9f85f45c1959a1cdaa3ec7db6dfa31f71321bc1c537599f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bf892618654cdce11bc0f0122f1274f9d98dfa4a5e7d3cf0e49b393b73e6173
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4B810662B1EB890FE7A5EB6C88685747BE1EF5A310B0601FBD489C71E3D918AC45C781
                                                                                                                                                                                                                                      Function 00007FFD9B8CD9CA Relevance: 1.4, Strings: 1, Instructions: 152COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                                                      • Opcode ID: d288869505e0b001f5d7b904875488701368bc612e6afa4493c164f2d5117b0f
                                                                                                                                                                                                                                      • Instruction ID: 5e4554ec10b080c1f083162a8639e50ea4621dedf2683193801ea0e1c2ad61d9
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d288869505e0b001f5d7b904875488701368bc612e6afa4493c164f2d5117b0f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26416F7171CE0D4FDBA8EB1CD465A7473D2FB98710B5142AAE04EC72B6DE25EC428781
                                                                                                                                                                                                                                      Function 00007FFD9B7F7D58 Relevance: .3, Instructions: 341COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 23b1a7ca5cd7a42afc9536dd41af56621ca1780d176e2df00bb6aa1e4b49d64f
                                                                                                                                                                                                                                      • Instruction ID: 68281ed0ac4222f49e07a2d34e30c6ad61e30dc257841aac2b590b78e995060f
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23b1a7ca5cd7a42afc9536dd41af56621ca1780d176e2df00bb6aa1e4b49d64f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E8D14171A1895D8FDBA8EF1888A5AE8B7E1FF64300F4541F9D01CD32A6DE346A818F41
                                                                                                                                                                                                                                      Function 00007FFD9B7F3299 Relevance: .3, Instructions: 317COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 4e011de987020d4c1adbe9521c3e0c0d0d9bf4027f825fc084888c07e53ffeb8
                                                                                                                                                                                                                                      • Instruction ID: 191daf26274bb78b3d1220ce14409c93f29f11c2ea8be8660d12bb3d35c7f992
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4e011de987020d4c1adbe9521c3e0c0d0d9bf4027f825fc084888c07e53ffeb8
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EDC15F71E0965D8FEBA8EB98C8657B8BBB1FF54300F5142BAD00DD32A1CE346981CB54
                                                                                                                                                                                                                                      Function 00007FFD9B8C22EB Relevance: .3, Instructions: 291COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fc000a9ee45a6a7447fd790defd1f9538e0b50daf36b11e999d56792031dab10
                                                                                                                                                                                                                                      • Instruction ID: a1887c3ade1a6d5636cf520c348199b8864e79a9166c5d6e56ba4954cc40b577
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc000a9ee45a6a7447fd790defd1f9538e0b50daf36b11e999d56792031dab10
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C811360B0DA490FE7A9EB6C9865B7477D1EF9A320B0501BBD04EC72F7DD18AC428381
                                                                                                                                                                                                                                      Function 00007FFD9B8CBD6C Relevance: .3, Instructions: 289COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6f49b49af2a3a8f3a6821e611aeec934ff9554fb0de16e054e0f08ee7b314e8e
                                                                                                                                                                                                                                      • Instruction ID: 1fa8e0af5f1d568ced6a002482f24c41eaac45ea0fc7146054f50adb03c45baf
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f49b49af2a3a8f3a6821e611aeec934ff9554fb0de16e054e0f08ee7b314e8e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC71157171DE4C4FDB98EB1C9465A757BE2EF9D710B0641ABE48AC72B3DA20EC028741
                                                                                                                                                                                                                                      Function 00007FFD9B7F2FF0 Relevance: .3, Instructions: 279COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 581396e333a21f9c0fbd24316d02c9265be345ad5027ea6e31bfeabf27a381d6
                                                                                                                                                                                                                                      • Instruction ID: 8d14c8707b1e88bdb8bc2568df465039865f56a1ae584e56baaca39cc7aab15d
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 581396e333a21f9c0fbd24316d02c9265be345ad5027ea6e31bfeabf27a381d6
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2691D671F0DA4D4FDB58CFA888646BD7FE2EF98350F1502BAD04DE32A2DE2469018795
                                                                                                                                                                                                                                      Function 00007FFD9B8CC268 Relevance: .3, Instructions: 261COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 6fdaf93e358f37ba58330fd37d3868bcb7fbb3c41f8936d9601b6b5567213da1
                                                                                                                                                                                                                                      • Instruction ID: 04420ebe08773936915a484b642134e04c0021c01f523565fffd1bbe3917cca8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6fdaf93e358f37ba58330fd37d3868bcb7fbb3c41f8936d9601b6b5567213da1
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: B371147171CA4D4FDBA8DB1C9468A3577E2EF99310B0501BFE44EC72A2DE25EC028781
                                                                                                                                                                                                                                      Function 00007FFD9B7F2E90 Relevance: .3, Instructions: 258COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: ee315a0d1fdac44abd40a27ccc4dd6c4b369de74c6ba91f5cf676138cbde31cf
                                                                                                                                                                                                                                      • Instruction ID: 0d6d3709ef802b1594ed57007b273d7460604f8efc264d77a47f7a93154df1c5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee315a0d1fdac44abd40a27ccc4dd6c4b369de74c6ba91f5cf676138cbde31cf
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6291EB30A19A1D8FDBA4EF58C4A5BAD7BF1FF58300F5101A9E00DD72A6DE35A981CB44
                                                                                                                                                                                                                                      Function 00007FFD9B8CD189 Relevance: .2, Instructions: 249COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 3e00478f95aa5ac9ebbe8dafde8effd6500732b2debd28742ae091dff3453c31
                                                                                                                                                                                                                                      • Instruction ID: 717c0fa9346a2bab5a467b9c60da0dfba60208450a28859e834bb3d50203b646
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e00478f95aa5ac9ebbe8dafde8effd6500732b2debd28742ae091dff3453c31
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8861F571B0DB494FE798AB2C98655743BE2EF9A35070A01EFE499C72B3ED15AC028341
                                                                                                                                                                                                                                      Function 00007FFD9B7F30DD Relevance: .2, Instructions: 151COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 33814b51f71d5b66e26bc98649bd661ae27a8094d131d37cfb1baf6acac5965c
                                                                                                                                                                                                                                      • Instruction ID: 62d5a575dcaf6ef45b6d0bab20166e9fad6154b6412ebf49385d28dec3be13b4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33814b51f71d5b66e26bc98649bd661ae27a8094d131d37cfb1baf6acac5965c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80411A27F0F6D90BD711F7AC78B44EC7BA0DF82229B4A42F7D0988A0E7DC1829458394
                                                                                                                                                                                                                                      Function 00007FFD9B8C031D Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 047cb6882aeab607cd4e3e819fd9f6a4c373b1ba145566e9abe393796850c17c
                                                                                                                                                                                                                                      • Instruction ID: de9bbc4ab571a5ef9c7815bf97379bd2ba472fcedc6d2fb1c8c3ab78b27a1862
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 047cb6882aeab607cd4e3e819fd9f6a4c373b1ba145566e9abe393796850c17c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B41583170DB894FD76597289869A753FF1EF5A320B0902FBD449C72E3D918AC05C382
                                                                                                                                                                                                                                      Function 00007FFD9B7F2CBD Relevance: .1, Instructions: 113COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 756aa38d5b61be5c6e6f8a0f833198a42375449663d51213bb12c50edcd09649
                                                                                                                                                                                                                                      • Instruction ID: f17a34b675aa59017e19181ea634604a479c76052b3d3c8918e57db896f9baa5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 756aa38d5b61be5c6e6f8a0f833198a42375449663d51213bb12c50edcd09649
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46311831F0EBCD5FEB519BA888645A87FA0FF51304F8901FAE458C60F3DA24A949C741
                                                                                                                                                                                                                                      Function 00007FFD9B7F0A52 Relevance: .1, Instructions: 112COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5dda4ad7ffad8ec06bc9f100a9d0c3c7722c98762d7375dacfb42f0fda070019
                                                                                                                                                                                                                                      • Instruction ID: 9a5364f3e9d8aac71b63aab7b8ff14816c4bf31ee539735bcff222f854ad4b8b
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dda4ad7ffad8ec06bc9f100a9d0c3c7722c98762d7375dacfb42f0fda070019
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4417171A08A4C8FE789DF58C8A87A97FE1FBA5704F5001AAD00CD77DADBB42805CB40
                                                                                                                                                                                                                                      Function 00007FFD9B7F30D0 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b875fa21daa9220b75a6731b30fe625065ef21a190bd800f7a91f57ec8486887
                                                                                                                                                                                                                                      • Instruction ID: df8029c13a838f4d7c90c400983bdb24ba603a57a33bb6b25bfb5a5d238d250e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b875fa21daa9220b75a6731b30fe625065ef21a190bd800f7a91f57ec8486887
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F21F172F09A4D4FEB94CEAC88646AD7BE2EFD8310F14426AD40DE3261DA3469018781
                                                                                                                                                                                                                                      Function 00007FFD9B7F334C Relevance: .1, Instructions: 83COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: becede404b2848f061e0bb37fda0db8d60f65cd7eecb48d0a90a5e50f1f91b11
                                                                                                                                                                                                                                      • Instruction ID: ebed46c0336fd4ba668f3781b7d754c26a7300d2031793d876eb01d3ff44c9b0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: becede404b2848f061e0bb37fda0db8d60f65cd7eecb48d0a90a5e50f1f91b11
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94212C71F1D61D8EDBA8DA9894657FCBBA1FF58300F4141BAD00ED32A1CA346A80CF55
                                                                                                                                                                                                                                      Function 00007FFD9B8C2119 Relevance: .1, Instructions: 70COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b0b8a37cc4ad4cdd78b790aaafed8fb0041b94ee9b28efed7fa691db8b81b8a9
                                                                                                                                                                                                                                      • Instruction ID: bc654843076a122d1ff1410ee90aaec4554626775a0c2ce895589b327c801280
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0b8a37cc4ad4cdd78b790aaafed8fb0041b94ee9b28efed7fa691db8b81b8a9
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: DB11D371B1EA890FE7A5EB6C84A463836D2EF98710B1511BFE04DC72F3DE25AC428301
                                                                                                                                                                                                                                      Function 00007FFD9B7F275D Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 739e070bf49ea3d526bd06e8b4c1e4046b7f9cacdd67f9908ff50cb4fd8fad50
                                                                                                                                                                                                                                      • Instruction ID: 8ec3afc5755874cc5128976b3ed3bc4005e11054f12fc4195cbd6704946f70d0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 739e070bf49ea3d526bd06e8b4c1e4046b7f9cacdd67f9908ff50cb4fd8fad50
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6B21B271B1A68D4FFB98FFA888A56A8BA90FF44300F8105B9E41DC21E7CD3469508B91
                                                                                                                                                                                                                                      Function 00007FFD9B8C04FD Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2393ac65e6a784a48379637aa3569b36086896bf7949e1fceef9c4bcda25a5fd
                                                                                                                                                                                                                                      • Instruction ID: 21036d94ff6798fe0739ec85b6b65ff80e760395125e9341f324d74bc67349f7
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2393ac65e6a784a48379637aa3569b36086896bf7949e1fceef9c4bcda25a5fd
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5211D3A1B1EA890FE799AB5C44A463437D2EF9C750B1501BBE04DC33F2DE24EC418705
                                                                                                                                                                                                                                      Function 00007FFD9B8C06E0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: f23ca4e1e12439c2e0ef49f4145309bf9051b34d66ab5b6eb29d706ffabe401a
                                                                                                                                                                                                                                      • Instruction ID: 4b876cb35962565bf1dafb303bfdfa6030181bf60f6fe451ffaa2c4eaae3708c
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: f23ca4e1e12439c2e0ef49f4145309bf9051b34d66ab5b6eb29d706ffabe401a
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13113AA1B2E6894FD768AB5C846453437D1EF98B50B1A01BED05CC72F3CD2A9D028701
                                                                                                                                                                                                                                      Function 00007FFD9B7F0D01 Relevance: .1, Instructions: 54COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5c2783e04afc096c620487a885f5c044c2b827914076b362e5c5bc84e0d15731
                                                                                                                                                                                                                                      • Instruction ID: f062901827b1ad89fb4f42c4c920707a1b06c6f491e9d1fb48ff161f6328fbf5
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5c2783e04afc096c620487a885f5c044c2b827914076b362e5c5bc84e0d15731
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1901A172F1E68DAFE7A5AF6488666F87F91EF54600F4102BAD008C61F3DD2939508745
                                                                                                                                                                                                                                      Function 00007FFD9B8C07CE Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885101776.00007FFD9B8C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8C0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b8c0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: fb1c053eb5839436cdd7e6fb67297cd53a3d9c705766e138d3e2a358106f4be4
                                                                                                                                                                                                                                      • Instruction ID: b19e95c5ad38b0c129ddcc75a937f71ab799a2e9c5137b78616c516b5d5c4ea4
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb1c053eb5839436cdd7e6fb67297cd53a3d9c705766e138d3e2a358106f4be4
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8211C67071EA898FDBA5E72C8464E247BE1FF59710B1941AEE04DC71E2CE28AC41C785
                                                                                                                                                                                                                                      Function 00007FFD9B7F1F71 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c2d48fcb3c434536cf8246788bf3f7c45f514edd84735e0863be328fcc4cdb1e
                                                                                                                                                                                                                                      • Instruction ID: fb894e5e7cacce784bf802890cff283e0ec71aec88176d2df99db02717862e10
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c2d48fcb3c434536cf8246788bf3f7c45f514edd84735e0863be328fcc4cdb1e
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74119670A19A1D8FDBA9DB58C894AA877B6FF59301F1002E9D00DE7261CB71AE81CF44
                                                                                                                                                                                                                                      Function 00007FFD9B7F0850 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: bcb1cad43d845828d2bbf77e0a200a9d448db89979b2ca19d999630c4251709d
                                                                                                                                                                                                                                      • Instruction ID: 6c3cd7e47c360ea646bb9b4cd76cdc1bbff80dfd8fe1375db5cb99eed003b839
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: bcb1cad43d845828d2bbf77e0a200a9d448db89979b2ca19d999630c4251709d
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE01A717F0F68D46D72267AC68750F93B60EF82529F0A03B2E098950F3DC0965168195
                                                                                                                                                                                                                                      Function 00007FFD9B7F3775 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 2e901bfbb569a3f61e9eaeec62de08e1fab62dc77e1b5afe733a4eb46ef7c0da
                                                                                                                                                                                                                                      • Instruction ID: 4ce935c693cad675c869f1d7b7c97ecc5d6a603afe5ca009118db4f571a1dcf0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e901bfbb569a3f61e9eaeec62de08e1fab62dc77e1b5afe733a4eb46ef7c0da
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: BB014C70908A4D8FDF84EF58C898AAE7FF0FF68300F0105AAD418D72A1D7309554CB80
                                                                                                                                                                                                                                      Function 00007FFD9B7F2EE0 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: cf23ceb0855ef4bf928cf5d7ea7078f7fa2b3b76ffb53218ce513a5ce2d47097
                                                                                                                                                                                                                                      • Instruction ID: 746bdfee5fa245fb4b77cdac39866ccb47378d41300f9e37cbd0d83ee4764d90
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: cf23ceb0855ef4bf928cf5d7ea7078f7fa2b3b76ffb53218ce513a5ce2d47097
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0501DA30914A0D9FDF84EF58C849AFE7BF0FB68305F11056AA419D3260DB70A590CB80
                                                                                                                                                                                                                                      Function 00007FFD9B7F2FA8 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: d85e1137e12c91c6f4a4a0786c9e81e2375c3ac3c72eaf1af0bce854be6d5cac
                                                                                                                                                                                                                                      • Instruction ID: aa60853e1d3455dc55d2a893693433ebbc28d3193aa0d2ad23a3e68bf50d13e8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d85e1137e12c91c6f4a4a0786c9e81e2375c3ac3c72eaf1af0bce854be6d5cac
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE01C830914A4DDFDF84EF58C849AEE7BF0FB28305F10056AA419D3260DB30A690CB81
                                                                                                                                                                                                                                      Function 00007FFD9B7F21F9 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: b4a90b699bf2f8d189033f9087cc41712f499a45d306ec327c8766892c7de103
                                                                                                                                                                                                                                      • Instruction ID: 0b25db819b742795e68810fb97edf14af0cf07b0a84ab170ddf84ab7769a411e
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4a90b699bf2f8d189033f9087cc41712f499a45d306ec327c8766892c7de103
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A801213091968D8FCB85DF58C854AA97BB0FF19300F4505EAD418C72A2D7349954CB01
                                                                                                                                                                                                                                      Function 00007FFD9B7F2F08 Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: a1f7aa2d58b022493238e5e250c3431a18f35bb60031a19f3bfe8dc3c39fd2af
                                                                                                                                                                                                                                      • Instruction ID: 771048043717e43525679407e721c59d2c373d31dd00e4d18f2bd36f8ef86353
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: a1f7aa2d58b022493238e5e250c3431a18f35bb60031a19f3bfe8dc3c39fd2af
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A801BB70914A0D8FDF84EF58C858AAE7BF0FB68305F10456AA41DD3264DB30A690CB80
                                                                                                                                                                                                                                      Function 00007FFD9B7F185F Relevance: .0, Instructions: 41COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: c8bfffd92dc6f34159d0ae715c68a14ef95fc47c855e76e77e56f6bb9806984f
                                                                                                                                                                                                                                      • Instruction ID: 3072d57988c4db1bc4ce6e93ae2250d300dd8b921fef1b4f629229cdc532ec18
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8bfffd92dc6f34159d0ae715c68a14ef95fc47c855e76e77e56f6bb9806984f
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: D1015C70A19A1D8FDBA9DB58C894AA877B5FB55701F1011E9D00DE7261CB71AE80CF44
                                                                                                                                                                                                                                      Function 00007FFD9B7F3790 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 5dbfee83474246972207ebef265887b5067b044547b592d02bb37c545ec936ef
                                                                                                                                                                                                                                      • Instruction ID: 17a8d3448a17244c64752212ab6f79e66e1acb2c8ae92f16d9cbcf7a414ba0f8
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5dbfee83474246972207ebef265887b5067b044547b592d02bb37c545ec936ef
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E601797091491DCFDF84EF58C858AAE7BF0FB68305F10456AE419D3264DB71A694CB81
                                                                                                                                                                                                                                      Function 00007FFD9B7F1E4F Relevance: .0, Instructions: 37COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: e7cd80017c983a6c8cd2e9d04fea30f8121e0b746f3341fe064f7e295c7d8119
                                                                                                                                                                                                                                      • Instruction ID: 44a75a0f6870158948b19b1dd728d0594fc284dcc4c7442c3889e8e2ac7909d0
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7cd80017c983a6c8cd2e9d04fea30f8121e0b746f3341fe064f7e295c7d8119
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7F03130F0E71E8FDB799984886127976E6EF45301F110278E44D966B0DB396F52CAC5
                                                                                                                                                                                                                                      Function 00007FFD9B7F0D99 Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 0d87803803e3595a8d777037b22fcb551474b6d4c77a2f65b37f0ee5d75b7a2c
                                                                                                                                                                                                                                      • Instruction ID: 785f627ad0c1e2c176f72e2535fd13e9f491acc86d788fadb13e5b1d66c65e43
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d87803803e3595a8d777037b22fcb551474b6d4c77a2f65b37f0ee5d75b7a2c
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04F0F672E0F78D8FE7629F6448691E87FB0EF55210F4A01E7D048C71F3EA2825948341
                                                                                                                                                                                                                                      Function 00007FFD9B7F2D70 Relevance: .0, Instructions: 31COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 855c8cd5258e1069d5d2ea526701914d03d9a58e4def025295c1b836c1a4d995
                                                                                                                                                                                                                                      • Instruction ID: 317c55132b6887fcaa2bb727b255860f0252e10bfbdda20316ee05f23abc4237
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 855c8cd5258e1069d5d2ea526701914d03d9a58e4def025295c1b836c1a4d995
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56F0F830914A4C9FDF84EFA8C458AA9BBB0FB68305F4041AAA41DD31A0DB31AA94CB40
                                                                                                                                                                                                                                      Function 00007FFD9B7F0873 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1884754839.00007FFD9B7F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B7F0000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9b7f0000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 26ee672d381010fe0415e49a4abc78df2372cdfdfcc3e600f4122d7bbe8dea66
                                                                                                                                                                                                                                      • Instruction ID: 65574d5dc84ee070271251f8630f2cd9cc3fd103caa23adf99ad892a18678aff
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 26ee672d381010fe0415e49a4abc78df2372cdfdfcc3e600f4122d7bbe8dea66
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 82F01261A1E7CD5ED76367F418651E47F70AF53204F4A01A3E058D60F3D9185A28C3A6

                                                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                                                      Function 00007FFD9BA2EBCD Relevance: 1.6, Strings: 1, Instructions: 364COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Strings
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID: 8)_L
                                                                                                                                                                                                                                      • API String ID: 0-1628323357
                                                                                                                                                                                                                                      • Opcode ID: d412129468075b9bc30736573a6356dfdf45cdda88099e4a779cb818e9129905
                                                                                                                                                                                                                                      • Instruction ID: d0703a718ce675cb70dd6520d5b3c2ee4308f54a3036356ea2d3d9304f2c1b40
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: d412129468075b9bc30736573a6356dfdf45cdda88099e4a779cb818e9129905
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: A7B1D831B1DA4A4FDBA8EB688465A7577D1FF99300B1100BDD44EC76E2DE25ED42C780
                                                                                                                                                                                                                                      Function 00007FFD9BA27935 Relevance: .5, Instructions: 493COMMON
                                                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                                                      • Source File: 00000000.00000002.1885988453.00007FFD9BA10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9BA10000, based on PE: false
                                                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_7ffd9ba10000_gC0jV08bP3.jbxd
                                                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                                                      • Opcode ID: 70166df7cf95fd9dc3e6eff8b3696d7f9fa778094ee196e8ff24ac3a96cafd10
                                                                                                                                                                                                                                      • Instruction ID: 3398d5aca54f6fd81608f71183f51bee26ca314e3f9be0828e3d9209de633f37
                                                                                                                                                                                                                                      • Opcode Fuzzy Hash: 70166df7cf95fd9dc3e6eff8b3696d7f9fa778094ee196e8ff24ac3a96cafd10
                                                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4EF10631A1DE4A4FDBACEB2890619B5B7D1EF98310B1145BED05EC36E6DE25F902C740