Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
lastest.exe

Overview

General Information

Sample name:lastest.exe
Analysis ID:1575637
MD5:d51ff4ddc2f854ca93e0f1d04b73f29e
SHA1:48c15d887fdb2b303def489c857db926cc4453ee
SHA256:b4805d9fa4ac2354f8819c739ddf7095c397e916b29468f065c0907394909fe5
Tags:exeNjRATuser-lontze7
Infos:

Detection

Njrat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops fake system file at system root drive
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Njrat
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Creates autorun.inf (USB autostart)
Creates autostart registry keys with suspicious names
Drops PE files to the startup folder
Drops PE files with benign system names
Machine Learning detection for dropped file
Machine Learning detection for sample
Modifies the windows firewall
Protects its processes via BreakOnTermination flag
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Uses netsh to modify the Windows network and firewall settings
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Uncommon Svchost Parent Process
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes
Yara signature match

Classification

Process Tree

  • System is w10x64
  • lastest.exe (PID: 6604 cmdline: "C:\Users\user\Desktop\lastest.exe" MD5: D51FF4DDC2F854CA93E0F1D04B73F29E)
    • svchost.exe (PID: 1252 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" MD5: D51FF4DDC2F854CA93E0F1D04B73F29E)
      • netsh.exe (PID: 4764 cmdline: netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE MD5: 4E89A1A088BE715D6C946E55AB07C7DF)
        • conhost.exe (PID: 5688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • taskkill.exe (PID: 4836 cmdline: taskkill /F /IM ApplicationFrameHost.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6768 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 3912 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" .. MD5: D51FF4DDC2F854CA93E0F1D04B73F29E)
  • svchost.exe (PID: 1276 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" .. MD5: D51FF4DDC2F854CA93E0F1D04B73F29E)
  • svchost.exe (PID: 6208 cmdline: "C:\Users\user\AppData\Roaming\svchost.exe" .. MD5: D51FF4DDC2F854CA93E0F1D04B73F29E)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
NjRATRedPacket Security describes NJRat as "a remote access trojan (RAT) has capabilities to log keystrokes, access the victim's camera, steal credentials stored in browsers, open a reverse shell, upload/download files, view the victim's desktop, perform process, file, and registry manipulations, and capabilities to let the attacker update, uninstall, restart, close, disconnect the RAT and rename its campaign ID. Through the Command & Control (CnC) server software, the attacker has capabilities to create and configure the malware to spread through USB drives."It is supposedly popular with actors in the Middle East. Similar to other RATs, many leaked builders may be backdoored.
  • AQUATIC PANDA
  • Earth Lusca
  • Operation C-Major
  • The Gorgon Group
https://malpedia.caad.fkie.fraunhofer.de/details/win.njrat

Malware Configuration

Threatname: Njrat

{"Host": "pool-tournaments.gl.at.ply.gg", "Port": "7445", "Version": "im523", "Campaign ID": "svchost.exe", "Install Name": "svchost.exe", "Install Dir": "AppData"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
lastest.exeJoeSecurity_NjratYara detected NjratJoe Security
    lastest.exeWindows_Trojan_Njrat_30f3c220unknownunknown
    • 0x64c1:$a1: get_Registry
    • 0x7f1c:$a3: Download ERROR
    • 0x820e:$a5: netsh firewall delete allowedprogram "
    lastest.exenjrat1Identify njRatBrian Wallace @botnet_hunter
    • 0x8104:$a1: netsh firewall add allowedprogram
    • 0x82fe:$b1: [TAP]
    • 0x82a4:$b2: & exit
    • 0x8270:$c1: md.exe /k ping 0 & del
    lastest.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
    • 0x820e:$s1: netsh firewall delete allowedprogram
    • 0x8104:$s2: netsh firewall add allowedprogram
    • 0x826e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
    • 0x7ef8:$s4: Execute ERROR
    • 0x7f58:$s4: Execute ERROR
    • 0x7f1c:$s5: Download ERROR
    • 0x82b4:$s6: [kl]

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\svchost.exeJoeSecurity_NjratYara detected NjratJoe Security
      C:\svchost.exeWindows_Trojan_Njrat_30f3c220unknownunknown
      • 0x64c1:$a1: get_Registry
      • 0x7f1c:$a3: Download ERROR
      • 0x820e:$a5: netsh firewall delete allowedprogram "
      C:\svchost.exenjrat1Identify njRatBrian Wallace @botnet_hunter
      • 0x8104:$a1: netsh firewall add allowedprogram
      • 0x82fe:$b1: [TAP]
      • 0x82a4:$b2: & exit
      • 0x8270:$c1: md.exe /k ping 0 & del
      C:\svchost.exeMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
      • 0x820e:$s1: netsh firewall delete allowedprogram
      • 0x8104:$s2: netsh firewall add allowedprogram
      • 0x826e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
      • 0x7ef8:$s4: Execute ERROR
      • 0x7f58:$s4: Execute ERROR
      • 0x7f1c:$s5: Download ERROR
      • 0x82b4:$s6: [kl]
      C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJoeSecurity_NjratYara detected NjratJoe Security
        Click to see the 7 entries

        Memory Dumps

        SourceRuleDescriptionAuthorStrings
        00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_NjratYara detected NjratJoe Security
          00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpWindows_Trojan_Njrat_30f3c220unknownunknown
          • 0x62c1:$a1: get_Registry
          • 0x7d1c:$a3: Download ERROR
          • 0x800e:$a5: netsh firewall delete allowedprogram "
          00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpnjrat1Identify njRatBrian Wallace @botnet_hunter
          • 0x7f04:$a1: netsh firewall add allowedprogram
          • 0x80fe:$b1: [TAP]
          • 0x80a4:$b2: & exit
          • 0x8070:$c1: md.exe /k ping 0 & del
          00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_NjratYara detected NjratJoe Security
            Process Memory Space: lastest.exe PID: 6604JoeSecurity_NjratYara detected NjratJoe Security
              Click to see the 1 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.lastest.exe.3a0000.0.unpackJoeSecurity_NjratYara detected NjratJoe Security
                0.0.lastest.exe.3a0000.0.unpackWindows_Trojan_Njrat_30f3c220unknownunknown
                • 0x64c1:$a1: get_Registry
                • 0x7f1c:$a3: Download ERROR
                • 0x820e:$a5: netsh firewall delete allowedprogram "
                0.0.lastest.exe.3a0000.0.unpacknjrat1Identify njRatBrian Wallace @botnet_hunter
                • 0x8104:$a1: netsh firewall add allowedprogram
                • 0x82fe:$b1: [TAP]
                • 0x82a4:$b2: & exit
                • 0x8270:$c1: md.exe /k ping 0 & del
                0.0.lastest.exe.3a0000.0.unpackMALWARE_Win_NjRATDetects NjRAT / BladabindiditekSHen
                • 0x820e:$s1: netsh firewall delete allowedprogram
                • 0x8104:$s2: netsh firewall add allowedprogram
                • 0x826e:$s3: 63 00 6D 00 64 00 2E 00 65 00 78 00 65 00 20 00 2F 00 6B 00 20 00 70 00 69 00 6E 00 67
                • 0x7ef8:$s4: Execute ERROR
                • 0x7f58:$s4: Execute ERROR
                • 0x7f1c:$s5: Download ERROR
                • 0x82b4:$s6: [kl]

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Files With System Process Name In Unsuspected Locations
                Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\lastest.exe, ProcessId: 6604, TargetFilename: C:\Users\user\AppData\Roaming\svchost.exe
                Sigma detected: System File Execution Location Anomaly
                Source: Process startedAuthor: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\lastest.exe", ParentImage: C:\Users\user\Desktop\lastest.exe, ParentProcessId: 6604, ParentProcessName: lastest.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ProcessId: 1252, ProcessName: svchost.exe
                Sigma detected: CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\svchost.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 1252, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\65449e22560e51e0740c2a10dc6c9c59
                Sigma detected: Startup Folder File Write
                Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 1252, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe
                Sigma detected: Uncommon Svchost Parent Process
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\lastest.exe", ParentImage: C:\Users\user\Desktop\lastest.exe, ParentProcessId: 6604, ParentProcessName: lastest.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ProcessId: 1252, ProcessName: svchost.exe
                Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\svchost.exe" .., EventID: 13, EventType: SetValue, Image: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 1252, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\65449e22560e51e0740c2a10dc6c9c59
                Sigma detected: Windows Processes Suspicious Parent Directory
                Source: Process startedAuthor: vburov: Data: Command: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\svchost.exe, NewProcessName: C:\Users\user\AppData\Roaming\svchost.exe, OriginalFileName: C:\Users\user\AppData\Roaming\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\lastest.exe", ParentImage: C:\Users\user\Desktop\lastest.exe, ParentProcessId: 6604, ParentProcessName: lastest.exe, ProcessCommandLine: "C:\Users\user\AppData\Roaming\svchost.exe" , ProcessId: 1252, ProcessName: svchost.exe

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Sigma detected: Drops fake system file at system root drive
                Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\AppData\Roaming\svchost.exe, ProcessId: 1252, TargetFilename: C:\svchost.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-16T07:35:13.865022+010020211761Malware Command and Control Activity Detected192.168.2.549704147.185.221.207445TCP
                2024-12-16T07:35:37.702045+010020211761Malware Command and Control Activity Detected192.168.2.549751147.185.221.207445TCP
                2024-12-16T07:36:01.747087+010020211761Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:25.777033+010020211761Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:49.808868+010020211761Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:13.833377+010020211761Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:37.854337+010020211761Malware Command and Control Activity Detected192.168.2.549982147.185.221.207445TCP
                2024-12-16T07:38:01.892721+010020211761Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:25.917926+010020211761Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:49.932510+010020211761Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-16T07:35:13.865022+010020331321Malware Command and Control Activity Detected192.168.2.549704147.185.221.207445TCP
                2024-12-16T07:35:37.702045+010020331321Malware Command and Control Activity Detected192.168.2.549751147.185.221.207445TCP
                2024-12-16T07:36:01.747087+010020331321Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:25.777033+010020331321Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:49.808868+010020331321Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:13.833377+010020331321Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:37.854337+010020331321Malware Command and Control Activity Detected192.168.2.549982147.185.221.207445TCP
                2024-12-16T07:38:01.892721+010020331321Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:25.917926+010020331321Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:49.932510+010020331321Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-16T07:35:19.402060+010028255641Malware Command and Control Activity Detected192.168.2.549704147.185.221.207445TCP
                2024-12-16T07:35:44.173741+010028255641Malware Command and Control Activity Detected192.168.2.549751147.185.221.207445TCP
                2024-12-16T07:36:04.183193+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:06.589882+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:08.450936+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:14.471424+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:14.792848+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:16.011578+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:16.136466+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:16.456638+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:16.696834+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:17.058862+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:17.436114+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:17.665248+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:17.785138+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:19.834714+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:20.200418+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:20.523289+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:23.617868+010028255641Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:26.016692+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:26.478154+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:26.719443+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:26.839819+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:28.045455+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:29.070396+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:29.192557+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:29.488290+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:29.769880+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:32.426885+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:32.546846+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:32.759250+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:33.479851+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:34.581003+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:34.993090+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:35.112916+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:35.500312+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:35.620578+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:35.756590+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:35.876706+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:36.119353+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:36.720398+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:37.206962+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:37.935089+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:38.295609+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:38.539136+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:39.623695+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:39.743763+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:40.344752+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:41.580488+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:41.956055+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:42.123168+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:42.525402+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:42.646800+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:42.821831+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:43.423824+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:43.546122+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:43.732336+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:44.706765+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:44.946739+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:45.323926+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:45.654817+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:45.894450+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:46.501266+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:46.981398+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:47.626695+010028255641Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:50.048811+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:51.259903+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:51.986176+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:52.346505+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:52.587240+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:53.186942+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:53.667363+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:54.029317+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:54.149885+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:54.390056+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:55.139183+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:55.738951+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:56.219084+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:56.819826+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:57.299894+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:00.300608+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:00.781294+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:00.901071+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:01.403674+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:01.523537+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:01.781878+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:01.901870+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:02.078659+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:02.198870+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:02.318925+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:02.559801+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:03.103324+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:03.450166+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:03.779339+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.139180+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.378782+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.498628+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.618530+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.739062+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:04.923458+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:05.644309+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:05.884403+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:06.555100+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:06.725844+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:06.845816+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:07.446021+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:08.048217+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:08.890787+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:11.174846+010028255641Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:14.341659+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:14.692657+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:15.053384+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:15.293910+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:15.485726+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:16.096153+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:16.937833+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:17.178508+010028255641Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:37:40.746805+010028255641Malware Command and Control Activity Detected192.168.2.549982147.185.221.207445TCP
                2024-12-16T07:38:09.308963+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:11.948763+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:19.652155+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:19.917662+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:21.152158+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:21.277702+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:21.890778+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:22.010788+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:22.130594+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:22.250623+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:22.850528+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:22.970377+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:23.570735+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:23.691383+010028255641Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                2024-12-16T07:38:26.397500+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:26.998958+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:27.480577+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:27.600444+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:28.199927+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:28.439485+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:28.559457+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:28.679790+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:28.799731+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:29.039630+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:29.159523+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:29.646967+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:29.767036+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:29.886954+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:30.457612+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:30.577473+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:30.728310+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:31.807676+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:33.461963+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:33.586027+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:33.736205+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:34.455344+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:34.575743+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:35.179053+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:35.298848+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:35.660538+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:35.780316+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:36.594205+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:37.194495+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:37.805077+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:38.284275+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:38.763761+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:38.918757+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:39.158681+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:39.278491+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:39.425251+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:40.749934+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:41.573108+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:42.172339+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:42.651778+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:43.250899+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:43.490480+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:43.611343+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:43.948688+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:44.366048+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:44.485828+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:44.725489+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:45.328945+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:45.928694+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:46.451084+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:46.651256+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:46.988195+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:47.235112+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:47.479222+010028255641Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:50.557819+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:51.156781+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:52.236827+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:52.836387+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:53.436410+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:54.040693+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:54.640631+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:55.001298+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:55.121125+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:55.679112+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:55.799284+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:56.279357+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:56.759403+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:56.879355+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:57.373086+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:58.055122+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:58.654890+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:59.734560+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.214235+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.334190+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.454155+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.574073+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.693909+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:00.856858+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:01.096574+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:01.216819+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:01.379377+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:01.499735+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:01.859121+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:02.111656+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:03.351228+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:04.467004+010028255641Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-16T07:35:13.984996+010028255631Malware Command and Control Activity Detected192.168.2.549704147.185.221.207445TCP
                2024-12-16T07:35:37.822072+010028255631Malware Command and Control Activity Detected192.168.2.549751147.185.221.207445TCP
                2024-12-16T07:36:01.867722+010028255631Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:37:37.974198+010028255631Malware Command and Control Activity Detected192.168.2.549982147.185.221.207445TCP
                2024-12-16T07:38:02.012478+010028255631Malware Command and Control Activity Detected192.168.2.549983147.185.221.207445TCP
                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549974147.185.221.207445TCP
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:34:54.401789+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:21.574160+010028148601Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:23.617868+010028148601Malware Command and Control Activity Detected192.168.2.549808147.185.221.207445TCP
                2024-12-16T07:36:30.857178+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:33.722941+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:36.840711+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:39.383585+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:41.956055+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:46.501266+010028148601Malware Command and Control Activity Detected192.168.2.549864147.185.221.207445TCP
                2024-12-16T07:36:55.139183+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:57.299894+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:36:59.581194+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:02.919527+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:07.446021+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:37:10.438822+010028148601Malware Command and Control Activity Detected192.168.2.549918147.185.221.207445TCP
                2024-12-16T07:38:31.927756+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:35.540743+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:38.763761+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:42.412236+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:45.689163+010028148601Malware Command and Control Activity Detected192.168.2.549984147.185.221.207445TCP
                2024-12-16T07:38:54.640631+010028148601Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:57.011327+010028148601Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:38:59.374648+010028148601Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP
                2024-12-16T07:39:04.190503+010028148601Malware Command and Control Activity Detected192.168.2.549985147.185.221.207445TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: lastest.exeAvira: detected
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\svchost.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
                Source: C:\Users\user\AppData\Roaming\svchost.exeAvira: detection malicious, Label: TR/ATRAPS.Gen
                Found malware configuration
                Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpMalware Configuration Extractor: Njrat {"Host": "pool-tournaments.gl.at.ply.gg", "Port": "7445", "Version": "im523", "Campaign ID": "svchost.exe", "Install Name": "svchost.exe", "Install Dir": "AppData"}
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeReversingLabs: Detection: 97%
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeVirustotal: Detection: 84%Perma Link
                Source: C:\Users\user\AppData\Roaming\svchost.exeReversingLabs: Detection: 97%
                Source: C:\svchost.exeReversingLabs: Detection: 97%
                Multi AV Scanner detection for submitted file
                Source: lastest.exeReversingLabs: Detection: 97%
                Source: lastest.exeVirustotal: Detection: 84%Perma Link
                Yara detected Njrat
                Source: Yara matchFile source: lastest.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: lastest.exe PID: 6604, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1252, type: MEMORYSTR
                Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPED
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJoe Sandbox ML: detected
                Source: C:\svchost.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Roaming\svchost.exeJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: lastest.exeJoe Sandbox ML: detected
                Source: lastest.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\lastest.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                Source: lastest.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Spreading

                barindex
                Creates autorun.inf (USB autostart)
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\autorun.infJump to behavior
                Source: lastest.exe, 00000000.00000002.2092146591.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                Source: lastest.exe, 00000000.00000002.2092146591.0000000002AE1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                Source: lastest.exe, 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                Source: lastest.exe, 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: autorun.inf
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [autorun]
                Source: lastest.exeBinary or memory string: autorun.inf
                Source: lastest.exeBinary or memory string: [autorun]
                Source: autorun.inf.2.drBinary or memory string: [autorun]
                Source: 65449e22560e51e0740c2a10dc6c9c59.exe.2.drBinary or memory string: autorun.inf
                Source: 65449e22560e51e0740c2a10dc6c9c59.exe.2.drBinary or memory string: [autorun]
                Source: svchost.exe.2.drBinary or memory string: autorun.inf
                Source: svchost.exe.2.drBinary or memory string: [autorun]
                Source: svchost.exe.0.drBinary or memory string: autorun.inf
                Source: svchost.exe.0.drBinary or memory string: [autorun]

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49704 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49704 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49704 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49704 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49751 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49751 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49751 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49751 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49864 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49864 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49864 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49808 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49808 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49808 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49808 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49918 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49918 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49918 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49864 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49808 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49918 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49974 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49974 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49974 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49983 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49982 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49983 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49982 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49983 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825563 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf) : 192.168.2.5:49982 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49983 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49982 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49984 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49984 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49984 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2033132 - Severity 1 - ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll) : 192.168.2.5:49985 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2021176 - Severity 1 - ET MALWARE Bladabindi/njRAT CnC Command (ll) : 192.168.2.5:49985 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2825564 - Severity 1 - ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act) : 192.168.2.5:49985 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49984 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49985 -> 147.185.221.20:7445
                Source: Network trafficSuricata IDS: 2814860 - Severity 1 - ETPRO MALWARE njRAT/Bladabindi CnC Callback (act) : 192.168.2.5:49974 -> 147.185.221.20:7445
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Users\user\AppData\Roaming\svchost.exeNetwork Connect: 147.185.221.20 7445Jump to behavior
                Source: global trafficTCP traffic: 192.168.2.5:49704 -> 147.185.221.20:7445
                Source: Joe Sandbox ViewIP Address: 147.185.221.20 147.185.221.20
                Source: Joe Sandbox ViewASN Name: SALSGIVERUS SALSGIVERUS
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficDNS traffic detected: DNS query: pool-tournaments.gl.at.ply.gg
                Source: svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.
                Source: svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.microsoft.LinkId=42127
                Source: lastest.exe, 65449e22560e51e0740c2a10dc6c9c59.exe.2.dr, svchost.exe.2.dr, svchost.exe.0.drString found in binary or memory: https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Contains functionality to log keystrokes (.Net Source)
                Source: lastest.exe, kl.cs.Net Code: VKCodeToUnicode
                Source: svchost.exe.0.dr, kl.cs.Net Code: VKCodeToUnicode
                Source: 65449e22560e51e0740c2a10dc6c9c59.exe.2.dr, kl.cs.Net Code: VKCodeToUnicode
                Source: svchost.exe.2.dr, kl.cs.Net Code: VKCodeToUnicode

                E-Banking Fraud

                barindex
                Yara detected Njrat
                Source: Yara matchFile source: lastest.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: lastest.exe PID: 6604, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1252, type: MEMORYSTR
                Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPED

                Operating System Destruction

                barindex
                Protects its processes via BreakOnTermination flag
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: 01 00 00 00 Jump to behavior

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: lastest.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: lastest.exe, type: SAMPLEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: lastest.exe, type: SAMPLEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 Author: unknown
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: Identify njRat Author: Brian Wallace @botnet_hunter
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: Detects NjRAT / Bladabindi Author: ditekSHen
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess Stats: CPU usage > 49%
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_0332BEF2 NtSetInformationProcess,2_2_0332BEF2
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_0332BED0 NtSetInformationProcess,2_2_0332BED0
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_060C01C2 NtQuerySystemInformation,2_2_060C01C2
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_060C0187 NtQuerySystemInformation,2_2_060C0187
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_0332269A2_2_0332269A
                Source: lastest.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: lastest.exe, type: SAMPLEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: lastest.exe, type: SAMPLEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: lastest.exe, type: SAMPLEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\svchost.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\svchost.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: Windows_Trojan_Njrat_30f3c220 reference_sample = 741a0f3954499c11f9eddc8df7c31e7c59ca41f1a7005646735b8b1d53438c1b, os = windows, severity = x86, creation_date = 2021-06-13, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Njrat, fingerprint = d15e131bca6beddcaecb20fffaff1784ad8a33a25e7ce90f7450d1a362908cc4, id = 30f3c220-b8dc-45a1-bcf0-027c2f76fa63, last_modified = 2021-10-04
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: njrat1 date = 2015-05-27, author = Brian Wallace @botnet_hunter, description = Identify njRat, author_email = bwall@ballastsecurity.net
                Source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPEDMatched rule: MALWARE_Win_NjRAT author = ditekSHen, description = Detects NjRAT / Bladabindi
                Source: classification engineClassification label: mal100.spre.troj.adwa.spyw.evad.winEXE@12/10@1/1
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_0332BBA2 AdjustTokenPrivileges,2_2_0332BBA2
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_0332BB6B AdjustTokenPrivileges,2_2_0332BB6B
                Source: C:\Users\user\Desktop\lastest.exeFile created: C:\Users\user\AppData\Roaming\svchost.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMutant created: NULL
                Source: C:\Users\user\AppData\Roaming\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\65449e22560e51e0740c2a10dc6c9c59
                Source: C:\Users\user\AppData\Roaming\svchost.exeMutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6768:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5688:120:WilError_03
                Source: lastest.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: lastest.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "ApplicationFrameHost.exe")
                Source: C:\Users\user\Desktop\lastest.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: lastest.exeReversingLabs: Detection: 97%
                Source: lastest.exeVirustotal: Detection: 84%
                Source: C:\Users\user\Desktop\lastest.exeFile read: C:\Users\user\Desktop\lastest.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\lastest.exe "C:\Users\user\Desktop\lastest.exe"
                Source: C:\Users\user\Desktop\lastest.exeProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe"
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
                Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ApplicationFrameHost.exe
                Source: C:\Windows\SysWOW64\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" ..
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" ..
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" ..
                Source: C:\Users\user\Desktop\lastest.exeProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLEJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ApplicationFrameHost.exeJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: shfolder.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: avicap32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: msvfw32.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: winmm.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ifmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasmontr.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasapi32.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mfc42u.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rasman.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: authfwcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwpolicyiomgr.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: firewallapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcmonitor.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3cfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dot3api.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: onex.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ncrypt.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: eappprxy.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ntasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: fwcfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: hnetmon.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netshell.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nlaapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netsetupapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: netiohlp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: httpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshipsec.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: activeds.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: polstore.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winipsec.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: adsldpc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: nshwfp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cabinet.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2pnetsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: p2p.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rpcnsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: whhelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: winhttp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlancfg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wlanapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wshelper.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wevtapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: peerdistsh.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wcmapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: rmclient.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mobilenetworking.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: slc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: ktmw32.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: mprmsg.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{674B6698-EE92-11D0-AD71-00C04FD8FDFF}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dllJump to behavior
                Source: lastest.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: C:\Users\user\Desktop\lastest.exeFile opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9672_none_d08f9da24428a513\MSVCR80.dllJump to behavior
                Source: lastest.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: lastest.exe, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: svchost.exe.0.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: 65449e22560e51e0740c2a10dc6c9c59.exe.2.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: svchost.exe.2.dr, OK.cs.Net Code: Plugin System.Reflection.Assembly.Load(byte[])
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_05C211CF push cs; ret 2_2_05C211D2
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_05C210D8 push cs; ret 2_2_05C210DA
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 2_2_05C21F20 push ss; ret 2_2_05C21F2A
                Source: C:\Users\user\AppData\Roaming\svchost.exeCode function: 10_2_05B50635 push ss; iretd 10_2_05B50643

                Persistence and Installation Behavior

                barindex
                Drops PE files with benign system names
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\svchost.exeJump to dropped file
                Source: C:\Users\user\Desktop\lastest.exeFile created: C:\Users\user\AppData\Roaming\svchost.exeJump to dropped file
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\svchost.exeJump to dropped file
                Source: C:\Users\user\Desktop\lastest.exeFile created: C:\Users\user\AppData\Roaming\svchost.exeJump to dropped file
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJump to dropped file

                Boot Survival

                barindex
                Creates autostart registry keys with suspicious names
                Source: C:\Users\user\AppData\Roaming\svchost.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59Jump to behavior
                Drops PE files to the startup folder
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJump to dropped file
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exeJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe\:Zone.Identifier:$DATAJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59Jump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeMemory allocated: D40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeMemory allocated: 2AE0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeMemory allocated: D40000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 33C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 3A40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 5A40000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 2CA0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 2CA0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 4CA0000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 32D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 32D0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 52D0000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 1950000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 3A40000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeMemory allocated: 1950000 memory commit | memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeWindow / User API: threadDelayed 3026Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeWindow / User API: threadDelayed 1897Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeWindow / User API: threadDelayed 3339Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeWindow / User API: foregroundWindowGot 440Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeWindow / User API: foregroundWindowGot 1261Jump to behavior
                Source: C:\Users\user\Desktop\lastest.exe TID: 1088Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 5084Thread sleep time: -1897000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 5084Thread sleep time: -3339000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 4100Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 5752Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exe TID: 6368Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\lastest.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmp, netsh.exe, 00000003.00000003.2159134277.0000000003241000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\taskkill.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\lastest.exeMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Users\user\AppData\Roaming\svchost.exeNetwork Connect: 147.185.221.20 7445Jump to behavior
                .NET source code references suspicious native API functions
                Source: lastest.exe, kl.csReference to suspicious API methods: MapVirtualKey(a, 0u)
                Source: lastest.exe, kl.csReference to suspicious API methods: GetAsyncKeyState(num2)
                Source: lastest.exe, OK.csReference to suspicious API methods: capGetDriverDescriptionA(wDriver, ref lpszName, 100, ref lpszVer, 100)
                Source: C:\Users\user\Desktop\lastest.exeProcess created: C:\Users\user\AppData\Roaming\svchost.exe "C:\Users\user\AppData\Roaming\svchost.exe" Jump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM ApplicationFrameHost.exeJump to behavior
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003AFE000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003D2C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003CEE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerp
                Source: svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Rh Program Manager
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003AFE000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003D2C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program managerL.
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003AFE000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003D55000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: program manager
                Source: svchost.exe, 00000002.00000002.4496200997.0000000003AFE000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003D2C000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager@9
                Source: C:\Users\user\AppData\Roaming\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\netsh.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\svchost.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Lowering of HIPS / PFW / Operating System Security Settings

                barindex
                Modifies the windows firewall
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
                Uses netsh to modify the Windows network and firewall settings
                Source: C:\Users\user\AppData\Roaming\svchost.exeProcess created: C:\Windows\SysWOW64\netsh.exe netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE

                Stealing of Sensitive Information

                barindex
                Yara detected Njrat
                Source: Yara matchFile source: lastest.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: lastest.exe PID: 6604, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1252, type: MEMORYSTR
                Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPED

                Remote Access Functionality

                barindex
                Yara detected Njrat
                Source: Yara matchFile source: lastest.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.lastest.exe.3a0000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: lastest.exe PID: 6604, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: svchost.exe PID: 1252, type: MEMORYSTR
                Source: Yara matchFile source: C:\svchost.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, type: DROPPED
                Source: Yara matchFile source: C:\Users\user\AppData\Roaming\svchost.exe, type: DROPPED

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity InformationAcquire Infrastructure11
                Replication Through Removable Media                		1
                Windows Management Instrumentation                		221
                Registry Run Keys / Startup Folder                		1
                Access Token Manipulation                		11
                Masquerading                		1
                Input Capture                		11
                Security Software Discovery                		Remote Services1
                Input Capture                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Native API                		1
                DLL Side-Loading                		112
                Process Injection                		211
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop Protocol1
                Archive Collected Data                		1
                Non-Standard Port                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)221
                Registry Run Keys / Startup Folder                		31
                Virtualization/Sandbox Evasion                		Security Account Manager31
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive1
                Non-Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCronLogin Hook1
                DLL Side-Loading                		1
                Access Token Manipulation                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput Capture1
                Application Layer Protocol                		Traffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script112
                Process Injection                		LSA Secrets1
                Peripheral Device Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                Obfuscated Files or Information                		Cached Domain Credentials1
                File and Directory Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Software Packing                		DCSync13
                System Information Discovery                		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                DLL Side-Loading                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1575637 Sample: lastest.exe Startdate: 16/12/2024 Architecture: WINDOWS Score: 100 46 pool-tournaments.gl.at.ply.gg 2->46 50 Suricata IDS alerts for network traffic 2->50 52 Found malware configuration 2->52 54 Malicious sample detected (through community Yara rule) 2->54 56 14 other signatures 2->56 9 lastest.exe 1 6 2->9         started        13 svchost.exe 3 2->13         started        15 svchost.exe 2 2->15         started        17 svchost.exe 2 2->17         started        signatures3 process4 file5 40 C:\Users\user\AppData\Roaming\svchost.exe, PE32 9->40 dropped 42 C:\Users\user\...\svchost.exe:Zone.Identifier, ASCII 9->42 dropped 44 C:\Users\user\AppData\...\lastest.exe.log, ASCII 9->44 dropped 66 Drops PE files with benign system names 9->66 19 svchost.exe 2 11 9->19         started        signatures6 process7 dnsIp8 48 pool-tournaments.gl.at.ply.gg 147.185.221.20, 49704, 49751, 49808 SALSGIVERUS United States 19->48 32 C:\svchost.exe, PE32 19->32 dropped 34 C:\...\65449e22560e51e0740c2a10dc6c9c59.exe, PE32 19->34 dropped 36 C:\svchost.exe:Zone.Identifier, ASCII 19->36 dropped 38 2 other malicious files 19->38 dropped 58 Antivirus detection for dropped file 19->58 60 System process connects to network (likely due to code injection or exploit) 19->60 62 Multi AV Scanner detection for dropped file 19->62 64 8 other signatures 19->64 24 taskkill.exe 1 19->24         started        26 netsh.exe 2 19->26         started        file9 signatures10 process11 process12 28 conhost.exe 24->28         started        30 conhost.exe 26->30         started       

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                lastest.exe97%ReversingLabsByteCode-MSIL.Backdoor.njRAT
                lastest.exe85%VirustotalBrowse
                lastest.exe100%AviraTR/ATRAPS.Gen
                lastest.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe100%AviraTR/ATRAPS.Gen
                C:\svchost.exe100%AviraTR/ATRAPS.Gen
                C:\Users\user\AppData\Roaming\svchost.exe100%AviraTR/ATRAPS.Gen
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe100%Joe Sandbox ML
                C:\svchost.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\svchost.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe97%ReversingLabsByteCode-MSIL.Backdoor.njRAT
                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe85%VirustotalBrowse
                C:\Users\user\AppData\Roaming\svchost.exe97%ReversingLabsByteCode-MSIL.Backdoor.njRAT
                C:\svchost.exe97%ReversingLabsByteCode-MSIL.Backdoor.njRAT

                Unpacked PE Files

                No Antivirus matches

                Domains

                SourceDetectionScannerLabelLink
                pool-tournaments.gl.at.ply.gg3%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://go.microsoft.LinkId=421270%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                pool-tournaments.gl.at.ply.gg
                		147.185.221.20
                		truetrueunknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://go.microsoft.svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmpfalse
                  		high
                  https://dl.dropbox.com/s/p84aaz28t0hepul/Pass.exe?dl=0lastest.exe, 65449e22560e51e0740c2a10dc6c9c59.exe.2.dr, svchost.exe.2.dr, svchost.exe.0.drfalse
                    		high
                    http://go.microsoft.LinkId=42127svchost.exe, 00000002.00000002.4495378873.000000000147B000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    147.185.221.20
                    		pool-tournaments.gl.at.ply.ggUnited States
                    		12087SALSGIVERUStrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1575637
                    Start date and time:2024-12-16 07:34:09 +01:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 7m 56s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:12
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:lastest.exe
                    Detection:MAL
                    Classification:mal100.spre.troj.adwa.spyw.evad.winEXE@12/10@1/1
                    EGA Information:
                    • Successful, ratio: 100%
                    HCA Information:
                    • Successful, ratio: 100%
                    • Number of executed functions: 216
                    • Number of non-executed functions: 1
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                    • Excluded IPs from analysis (whitelisted): 52.149.20.212, 13.107.246.63
                    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    01:35:42API Interceptor164771x Sleep call for process: svchost.exe modified
                    07:35:11AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59 "C:\Users\user\AppData\Roaming\svchost.exe" ..
                    07:35:20AutostartRun: HKLM\Software\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59 "C:\Users\user\AppData\Roaming\svchost.exe" ..
                    07:35:28AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run 65449e22560e51e0740c2a10dc6c9c59 "C:\Users\user\AppData\Roaming\svchost.exe" ..
                    07:35:37AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    147.185.221.20Ekpb7jn7mf.exeGet hashmaliciousRedLine, XWormBrowse
                    • pst-child.gl.at.ply.gg:9336/

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    pool-tournaments.gl.at.ply.ggcnct.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.20

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    SALSGIVERUSFast Download.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.229
                    cnct.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.20
                    Server1.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.17
                    njSilent.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.19
                    Minet.exeGet hashmaliciousNjratBrowse
                    • 147.185.221.22
                    Discordd.exeGet hashmaliciousAsyncRATBrowse
                    • 147.185.221.18
                    Discord2.exeGet hashmaliciousAsyncRATBrowse
                    • 147.185.221.18
                    Discord3.exeGet hashmaliciousAsyncRATBrowse
                    • 147.185.221.18
                    Loader.exeGet hashmaliciousAsyncRATBrowse
                    • 147.185.221.20
                    72OWK7wBVH.exeGet hashmaliciousXWormBrowse
                    • 147.185.221.24

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\lastest.exe.log

                    Download File
                    Process:C:\Users\user\Desktop\lastest.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):525
                    Entropy (8bit):5.259753436570609
                    Encrypted:false
                    SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                    MD5:260E01CC001F9C4643CA7A62F395D747
                    SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                    SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                    SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                    Malicious:true
                    Reputation:moderate, very likely benign file
                    Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

                    C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\svchost.exe.log

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):525
                    Entropy (8bit):5.259753436570609
                    Encrypted:false
                    SSDEEP:12:Q3LaJU2C9XAn10Ug+9pfu9t0U29xtUz1B0U2uk71K6xhk7v:MLF2CpI3zffup29Iz52Ve
                    MD5:260E01CC001F9C4643CA7A62F395D747
                    SHA1:492AD0ACE3A9C8736909866EEA168962D418BE5A
                    SHA-256:4BC52CCF866F489772A6919A0CC2C55B1432729D6BDF29E17E5853ABDFAB6030
                    SHA-512:01AF7D75257E3DBD460E328F5C057D0367B83D3D9397E89CA3AE54AB9B2842D62352D8CCB4BE98ACE0C5667846759D32C199DE39ECCD0CF9CD6A83267D27E7C4
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\bec14584c93014efbc76285c35d1e891\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7d443c6c007fe8696f9aa6ff1da53ef7\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2cdaeaf53e3d49038cf7cb0ce9d805d3\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d0e5535854cce87ea7f2d69d0594b7a8\System.Windows.Forms.ni.dll",0..

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):37888
                    Entropy (8bit):5.5771216913055826
                    Encrypted:false
                    SSDEEP:384:jp3Eqi0PJZtbH9KyM+2LzmQnfSsWQTNrAF+rMRTyN/0L+EcoinblneHQM3epzXFn:FfJ95M+2L6Q6tQhrM+rMRa8NuPcwt
                    MD5:D51FF4DDC2F854CA93E0F1D04B73F29E
                    SHA1:48C15D887FDB2B303DEF489C857DB926CC4453EE
                    SHA-256:B4805D9FA4AC2354F8819C739DDF7095C397E916B29468F065C0907394909FE5
                    SHA-512:5103202E3357DA07625653C74957B85949467A7B26506148981E3469AC0DF6003E1823F7D66880DA31BBC7EDFB0E4D93AADE6C9C989FB71FCFCAC12E434562D4
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, Author: Joe Security
                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, Author: unknown
                    • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, Author: Brian Wallace @botnet_hunter
                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe, Author: ditekSHen
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 97%
                    • Antivirus: Virustotal, Detection: 85%, Browse
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....af................................ ........@.. ....................................@.....................................W.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B.......................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.

                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\65449e22560e51e0740c2a10dc6c9c59.exe:Zone.Identifier

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0

                    C:\Users\user\AppData\Roaming\svchost.exe

                    Download File
                    Process:C:\Users\user\Desktop\lastest.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):37888
                    Entropy (8bit):5.5771216913055826
                    Encrypted:false
                    SSDEEP:384:jp3Eqi0PJZtbH9KyM+2LzmQnfSsWQTNrAF+rMRTyN/0L+EcoinblneHQM3epzXFn:FfJ95M+2L6Q6tQhrM+rMRa8NuPcwt
                    MD5:D51FF4DDC2F854CA93E0F1D04B73F29E
                    SHA1:48C15D887FDB2B303DEF489C857DB926CC4453EE
                    SHA-256:B4805D9FA4AC2354F8819C739DDF7095C397E916B29468F065C0907394909FE5
                    SHA-512:5103202E3357DA07625653C74957B85949467A7B26506148981E3469AC0DF6003E1823F7D66880DA31BBC7EDFB0E4D93AADE6C9C989FB71FCFCAC12E434562D4
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: Joe Security
                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: unknown
                    • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: Brian Wallace @botnet_hunter
                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: ditekSHen
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 97%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....af................................ ........@.. ....................................@.....................................W.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B.......................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.

                    C:\Users\user\AppData\Roaming\svchost.exe:Zone.Identifier

                    Download File
                    Process:C:\Users\user\Desktop\lastest.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0

                    C:\autorun.inf

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:Microsoft Windows Autorun file
                    Category:dropped
                    Size (bytes):50
                    Entropy (8bit):4.320240000427043
                    Encrypted:false
                    SSDEEP:3:It1KV2LKMACovK0x:e1KzxvD
                    MD5:5B0B50BADE67C5EC92D42E971287A5D9
                    SHA1:90D5C99143E7A56AD6E5EE401015F8ECC093D95A
                    SHA-256:04DDE2489D2D2E6846D42250D813AB90B5CA847D527F8F2C022E6C327DC6DB53
                    SHA-512:C064DC3C4185A38D1CAEBD069ACB9FDBB85DFB650D6A241036E501A09BC89FD06E267BE9D400D20E6C14B4068473D1C6557962E8D82FDFD191DB7EABB6E66821
                    Malicious:true
                    Preview:[autorun]..open=C:\svchost.exe..shellexecute=C:\..

                    C:\svchost.exe

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):37888
                    Entropy (8bit):5.5771216913055826
                    Encrypted:false
                    SSDEEP:384:jp3Eqi0PJZtbH9KyM+2LzmQnfSsWQTNrAF+rMRTyN/0L+EcoinblneHQM3epzXFn:FfJ95M+2L6Q6tQhrM+rMRa8NuPcwt
                    MD5:D51FF4DDC2F854CA93E0F1D04B73F29E
                    SHA1:48C15D887FDB2B303DEF489C857DB926CC4453EE
                    SHA-256:B4805D9FA4AC2354F8819C739DDF7095C397E916B29468F065C0907394909FE5
                    SHA-512:5103202E3357DA07625653C74957B85949467A7B26506148981E3469AC0DF6003E1823F7D66880DA31BBC7EDFB0E4D93AADE6C9C989FB71FCFCAC12E434562D4
                    Malicious:true
                    Yara Hits:
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\svchost.exe, Author: Joe Security
                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\svchost.exe, Author: unknown
                    • Rule: njrat1, Description: Identify njRat, Source: C:\svchost.exe, Author: Brian Wallace @botnet_hunter
                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\svchost.exe, Author: ditekSHen
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 97%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....af................................ ........@.. ....................................@.....................................W.......@............................................................................ ............... ..H............text....... ...................... ..`.rsrc...@...........................@..@.reloc..............................@..B.......................H........e...E..........................................................&.(......**..(......*.s.........s.........s.........s..........*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0...........~....o.....+..*.0.............(....(.....+..*...0............(.....+..*.0................(.....+..*.0............(.....+..*.0.. ...................,.(...+.+.+....+...*.0...........................**..(......*....0..&........~..............,.(...+.

                    C:\svchost.exe:Zone.Identifier

                    Download File
                    Process:C:\Users\user\AppData\Roaming\svchost.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0

                    \Device\ConDrv

                    Download File
                    Process:C:\Windows\SysWOW64\netsh.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):313
                    Entropy (8bit):4.971939296804078
                    Encrypted:false
                    SSDEEP:6:/ojfKsUTGN8Ypox42k9L+DbGMKeQE+vigqAZs2E+AYeDPO+Yswyha:wjPIGNrkHk9iaeIM6ADDPOHyha
                    MD5:689E2126A85BF55121488295EE068FA1
                    SHA1:09BAAA253A49D80C18326DFBCA106551EBF22DD6
                    SHA-256:D968A966EF474068E41256321F77807A042F1965744633D37A203A705662EC25
                    SHA-512:C3736A8FC7E6573FA1B26FE6A901C05EE85C55A4A276F8F569D9EADC9A58BEC507D1BB90DBF9EA62AE79A6783178C69304187D6B90441D82E46F5F56172B5C5C
                    Malicious:false
                    Preview:..IMPORTANT: Command executed successfully...However, "netsh firewall" is deprecated;..use "netsh advfirewall firewall" instead...For more information on using "netsh advfirewall firewall" commands..instead of "netsh firewall", see KB article 947709..at https://go.microsoft.com/fwlink/?linkid=121488 .....Ok.....

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):5.5771216913055826
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                    • Win32 Executable (generic) a (10002005/4) 49.75%
                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                    • Windows Screen Saver (13104/52) 0.07%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    File name:lastest.exe
                    File size:37'888 bytes
                    MD5:d51ff4ddc2f854ca93e0f1d04b73f29e
                    SHA1:48c15d887fdb2b303def489c857db926cc4453ee
                    SHA256:b4805d9fa4ac2354f8819c739ddf7095c397e916b29468f065c0907394909fe5
                    SHA512:5103202e3357da07625653c74957b85949467a7b26506148981e3469ac0df6003e1823f7d66880da31bbc7edfb0e4d93aade6c9c989fb71fcfcac12e434562d4
                    SSDEEP:384:jp3Eqi0PJZtbH9KyM+2LzmQnfSsWQTNrAF+rMRTyN/0L+EcoinblneHQM3epzXFn:FfJ95M+2L6Q6tQhrM+rMRa8NuPcwt
                    TLSH:7E032A4D7FE18568C5FD067B05B2D41207BAE04F6D23D90E8EE568AA37636C18F50AF2
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....af................................. ........@.. ....................................@................................

                    File Icon

                    Icon Hash:00928e8e8686b000

                    Static PE Info

                    General

                    Entrypoint:0x40abee
                    Entrypoint Section:.text
                    Digitally signed:false
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x6661D2D1 [Thu Jun 6 15:16:33 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0xab940x57.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x240.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0xe0000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000x8bf40x8c00e50cc2480b2d25134151ed8029848c6eFalse0.46439732142857143data5.60856549762882IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0xc0000x2400x400f7ce2f7b506ce16c06c85a549ef2cd98False0.3134765625data4.968771659524424IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0xe0000xc0x200b469568bf04af65a6d552830e402f2a9False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_MANIFEST0xc0580x1e7XML 1.0 document, ASCII text, with CRLF line terminators0.5338809034907598

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Suricata IDS Alerts

                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:34:54.401789+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:35:13.865022+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549704147.185.221.207445TCP
                    2024-12-16T07:35:13.865022+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549704147.185.221.207445TCP
                    2024-12-16T07:35:13.984996+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.549704147.185.221.207445TCP
                    2024-12-16T07:35:19.402060+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549704147.185.221.207445TCP
                    2024-12-16T07:35:37.702045+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549751147.185.221.207445TCP
                    2024-12-16T07:35:37.702045+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549751147.185.221.207445TCP
                    2024-12-16T07:35:37.822072+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.549751147.185.221.207445TCP
                    2024-12-16T07:35:44.173741+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549751147.185.221.207445TCP
                    2024-12-16T07:36:01.747087+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:01.747087+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:01.867722+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:04.183193+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:06.589882+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:08.450936+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:14.471424+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:14.792848+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:16.011578+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:16.136466+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:16.456638+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:16.696834+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:17.058862+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:17.436114+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:17.665248+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:17.785138+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:19.834714+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:20.200418+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:20.523289+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:21.574160+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:23.617868+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:23.617868+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549808147.185.221.207445TCP
                    2024-12-16T07:36:25.777033+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:25.777033+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:26.016692+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:26.478154+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:26.719443+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:26.839819+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:28.045455+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:29.070396+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:29.192557+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:29.488290+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:29.769880+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:30.857178+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:32.426885+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:32.546846+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:32.759250+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:33.479851+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:33.722941+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:34.581003+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:34.993090+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:35.112916+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:35.500312+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:35.620578+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:35.756590+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:35.876706+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:36.119353+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:36.720398+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:36.840711+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:37.206962+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:37.935089+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:38.295609+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:38.539136+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:39.383585+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:39.623695+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:39.743763+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:40.344752+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:41.580488+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:41.956055+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:41.956055+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:42.123168+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:42.525402+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:42.646800+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:42.821831+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:43.423824+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:43.546122+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:43.732336+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:44.706765+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:44.946739+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:45.323926+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:45.654817+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:45.894450+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:46.501266+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:46.501266+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:46.981398+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:47.626695+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549864147.185.221.207445TCP
                    2024-12-16T07:36:49.808868+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:49.808868+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:50.048811+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:51.259903+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:51.986176+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:52.346505+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:52.587240+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:53.186942+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:53.667363+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:54.029317+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:54.149885+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:54.390056+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:55.139183+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:55.139183+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:55.738951+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:56.219084+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:56.819826+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:57.299894+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:57.299894+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:36:59.581194+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:00.300608+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:00.781294+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:00.901071+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:01.403674+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:01.523537+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:01.781878+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:01.901870+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:02.078659+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:02.198870+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:02.318925+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:02.559801+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:02.919527+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:03.103324+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:03.450166+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:03.779339+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.139180+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.378782+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.498628+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.618530+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.739062+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:04.923458+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:05.644309+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:05.884403+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:06.555100+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:06.725844+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:06.845816+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:07.446021+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:07.446021+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:08.048217+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:08.890787+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:10.438822+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:11.174846+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549918147.185.221.207445TCP
                    2024-12-16T07:37:13.833377+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:13.833377+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:14.341659+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:14.692657+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:15.053384+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:15.293910+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:15.485726+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:16.096153+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:16.937833+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:17.178508+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549974147.185.221.207445TCP
                    2024-12-16T07:37:37.854337+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549982147.185.221.207445TCP
                    2024-12-16T07:37:37.854337+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549982147.185.221.207445TCP
                    2024-12-16T07:37:37.974198+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.549982147.185.221.207445TCP
                    2024-12-16T07:37:40.746805+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549982147.185.221.207445TCP
                    2024-12-16T07:38:01.892721+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:01.892721+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:02.012478+01002825563ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (inf)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:09.308963+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:11.948763+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:19.652155+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:19.917662+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:21.152158+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:21.277702+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:21.890778+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:22.010788+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:22.130594+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:22.250623+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:22.850528+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:22.970377+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:23.570735+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:23.691383+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549983147.185.221.207445TCP
                    2024-12-16T07:38:25.917926+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:25.917926+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:26.397500+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:26.998958+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:27.480577+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:27.600444+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:28.199927+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:28.439485+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:28.559457+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:28.679790+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:28.799731+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:29.039630+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:29.159523+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:29.646967+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:29.767036+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:29.886954+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:30.457612+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:30.577473+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:30.728310+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:31.807676+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:31.927756+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:33.461963+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:33.586027+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:33.736205+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:34.455344+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:34.575743+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:35.179053+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:35.298848+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:35.540743+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:35.660538+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:35.780316+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:36.594205+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:37.194495+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:37.805077+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:38.284275+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:38.763761+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:38.763761+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:38.918757+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:39.158681+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:39.278491+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:39.425251+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:40.749934+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:41.573108+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:42.172339+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:42.412236+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:42.651778+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:43.250899+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:43.490480+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:43.611343+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:43.948688+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:44.366048+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:44.485828+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:44.725489+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:45.328945+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:45.689163+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:45.928694+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:46.451084+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:46.651256+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:46.988195+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:47.235112+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:47.479222+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549984147.185.221.207445TCP
                    2024-12-16T07:38:49.932510+01002033132ET MALWARE Generic njRAT/Bladabindi CnC Activity (ll)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:49.932510+01002021176ET MALWARE Bladabindi/njRAT CnC Command (ll)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:50.557819+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:51.156781+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:52.236827+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:52.836387+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:53.436410+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:54.040693+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:54.640631+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:54.640631+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:55.001298+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:55.121125+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:55.679112+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:55.799284+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:56.279357+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:56.759403+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:56.879355+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:57.011327+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:57.373086+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:58.055122+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:58.654890+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:59.374648+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:38:59.734560+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.214235+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.334190+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.454155+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.574073+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.693909+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:00.856858+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:01.096574+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:01.216819+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:01.379377+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:01.499735+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:01.859121+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:02.111656+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:03.351228+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:04.190503+01002814860ETPRO MALWARE njRAT/Bladabindi CnC Callback (act)1192.168.2.549985147.185.221.207445TCP
                    2024-12-16T07:39:04.467004+01002825564ETPRO MALWARE Generic njRAT/Bladabindi CnC Activity (act)1192.168.2.549985147.185.221.207445TCP

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Dec 16, 2024 07:35:13.541910887 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:13.662226915 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:13.662314892 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:13.865021944 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:13.984910965 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:13.984996080 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:14.104908943 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:19.402060032 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:19.521893024 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:35.562216043 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:35.562407017 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.575920105 CET497047445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.578329086 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.695991993 CET744549704147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:37.698106050 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:37.698262930 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.702044964 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.821938992 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:37.822072029 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:37.942012072 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:44.173741102 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:35:44.293422937 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:59.609443903 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:35:59.609551907 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.621124029 CET497517445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.623003960 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.742486954 CET744549751147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:01.742855072 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:01.742974043 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.747087002 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.867372036 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:01.867722034 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:01.987550020 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:04.183192968 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:04.303121090 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:06.589881897 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:06.709875107 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:08.450936079 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:08.570795059 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:14.471424103 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:14.591370106 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:14.792848110 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:14.912693977 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.011578083 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.132042885 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.136466026 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.257550955 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.456638098 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.576807022 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.576874971 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.696765900 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.696834087 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.817481995 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.817621946 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:16.937680006 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:16.937796116 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:17.058789968 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:17.058861971 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:17.178839922 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:17.436114073 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:17.556365967 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:17.665247917 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:17.785023928 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:17.785137892 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:17.905004978 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:17.905129910 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.025057077 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.025168896 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.145582914 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.146081924 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.265903950 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.266021013 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.387684107 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.387904882 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.507690907 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.508305073 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.628142118 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.628268957 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.748162031 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.752630949 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.872597933 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.874087095 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:18.994002104 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:18.994117975 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.114084959 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.114167929 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.234035015 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.234514952 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.354362011 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.354473114 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.474265099 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.474490881 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.594311953 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.594435930 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.714179993 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.714356899 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.834310055 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.834713936 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:19.954775095 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:19.955073118 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.075057983 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.075241089 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.195274115 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.200417995 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.320442915 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.523288965 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.643347025 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.643390894 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.852982998 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.853041887 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:20.973061085 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:20.973118067 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.093288898 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.093417883 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.213341951 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.213411093 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.333360910 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.333661079 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.453674078 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.453742027 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.573824883 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.574160099 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.694072962 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.696508884 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.816369057 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.816987038 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:21.936805964 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:21.938605070 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.058377028 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.058473110 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.178360939 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.178859949 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.298580885 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.299621105 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.420728922 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.422087908 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.542026043 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.542663097 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.662626982 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.663047075 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.782995939 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.784477949 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:22.904423952 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:22.908541918 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:23.028601885 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:23.031191111 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:23.151228905 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:23.151360035 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:23.271959066 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:23.617867947 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:23.645009995 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:23.645190001 CET498087445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:23.737869978 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:23.764861107 CET744549808147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:25.653669119 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:25.773490906 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:25.773552895 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:25.777033091 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:25.896764994 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:25.896859884 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.016628027 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.016691923 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.136461973 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.478153944 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.599555969 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.599613905 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.719393015 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.719443083 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.839746952 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.839818954 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:26.959693909 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:26.959784031 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.080470085 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.080859900 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.204530954 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.204741001 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.325793982 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.325915098 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.445699930 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.445811033 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.565758944 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.565855026 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.685688019 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.685791016 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.805583000 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.805660009 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:27.925432920 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:27.925503969 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.045351028 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.045454979 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.165275097 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.165389061 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.285145044 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.285202980 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.404927969 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.405128002 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.525002956 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.525305033 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.645320892 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.645467043 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.765511990 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.765747070 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:28.885735989 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:28.885885000 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.005819082 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.070395947 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.190421104 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.192557096 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.312580109 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.488290071 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.609093904 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.609200954 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.729172945 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.769880056 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:29.889722109 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:29.889792919 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.009596109 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.009663105 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.131021023 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.131169081 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.250979900 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.251084089 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.371057034 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.371138096 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.491099119 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.491336107 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.611323118 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.612503052 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.732407093 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.736509085 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.856669903 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.857177973 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:30.976984978 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:30.979557037 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.099451065 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.100519896 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.220350027 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.220541954 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.340388060 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.341936111 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.462292910 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.462398052 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.582351923 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.582431078 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.702472925 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.702555895 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.822526932 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.822648048 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:31.942703009 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:31.942786932 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:32.062808990 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:32.426884890 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:32.546777964 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:32.546845913 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:32.666666031 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:32.759249926 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:32.879267931 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:32.879345894 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:32.999183893 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:32.999255896 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.119457960 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.119609118 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.239666939 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.239828110 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.359870911 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.359946966 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.479758978 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.479851007 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.599637032 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.602957964 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.722846031 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.722940922 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.843024015 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.847229004 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:33.967135906 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:33.967896938 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.087762117 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.088244915 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.209445000 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.212507010 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.334228992 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.336525917 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.456406116 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.460490942 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.580936909 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.581002951 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.700716972 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.700779915 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.821268082 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.821341038 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:34.941380978 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:34.993089914 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.112816095 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.112915993 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.233055115 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.500312090 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.620234966 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.620578051 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.740421057 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.756589890 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.876615047 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.876705885 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:35.999397993 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:35.999464989 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.119250059 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.119353056 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.239238024 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.239470959 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.359426975 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.359637976 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.479938984 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.480144978 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.600127935 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.600497961 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.720279932 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.720397949 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.840070963 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.840711117 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:36.960431099 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:36.961055994 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.081141949 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.084649086 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.205085039 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.206962109 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.327188015 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.329720974 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.450901985 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.454776049 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.574748039 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.574835062 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.694762945 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.694833994 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.814814091 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.814922094 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:37.935019970 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:37.935089111 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.055109024 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.055283070 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.175415039 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.175493002 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.295439005 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.295608997 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.415654898 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.415725946 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.539031029 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.539135933 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.658983946 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.659126043 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.778951883 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.779046059 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:38.903125048 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:38.903273106 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.023097038 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.023180008 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.142913103 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.142992020 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.263258934 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.263345003 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.383507967 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.383584976 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.503588915 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.503710032 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.623613119 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.623694897 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.743671894 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.743762970 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.863795042 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.863920927 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:39.984004974 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:39.984215975 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.104319096 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.104495049 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.224473000 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.224678993 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.344679117 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.344752073 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.464605093 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.464690924 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.584762096 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.584856033 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.704765081 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.704845905 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.824774027 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.824873924 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:40.944725990 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:40.944822073 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.064778090 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.064996004 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.184906960 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.185219049 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.305072069 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.305269957 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.425153971 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.425393105 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.545278072 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.580487967 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.700319052 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.700429916 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.820149899 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.820236921 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:41.940103054 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:41.956054926 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:42.122904062 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:42.123167992 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:42.326777935 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:42.525402069 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:42.645409107 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:42.646800041 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:42.766757011 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:42.821830988 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:42.941728115 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:42.941822052 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.061686039 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.061768055 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.183506966 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.183599949 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.303761959 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.303833961 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.423749924 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.423824072 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.544190884 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.546122074 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.666500092 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.732336044 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.852782011 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.852859020 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:43.972867966 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:43.976605892 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:44.338922024 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:44.339385986 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:44.463970900 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:44.464061975 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:44.586313009 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:44.586421967 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:44.706559896 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:44.706764936 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:44.835525990 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:44.946738958 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:45.066567898 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:45.323925972 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:45.443635941 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:45.654817104 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:45.774523973 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:45.774646997 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:45.894310951 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:45.894449949 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.015183926 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.015245914 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.139626026 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.139714003 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.259881973 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.260001898 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.381361961 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.381428957 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.501190901 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.501266003 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.621131897 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.621215105 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.741019964 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.741095066 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.861552954 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.861634970 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:46.981311083 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:46.981398106 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.101085901 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.101298094 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.221621037 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.221692085 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.341480970 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.341553926 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.461210966 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.461302996 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.626621962 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.626694918 CET498647445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:47.680948019 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:47.746323109 CET744549864147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:49.684884071 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:49.804930925 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:49.805023909 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:49.808867931 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:49.928654909 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:49.928858042 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.048737049 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.048810959 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.168670893 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.168915987 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.288669109 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.288753986 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.408463001 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.408555031 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.528338909 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.528610945 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.648601055 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.650719881 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.772531033 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.776519060 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:50.896331072 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:50.896415949 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.017167091 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.017240047 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.137275934 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.139235973 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.259079933 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.259902954 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.379734993 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.380621910 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.500493050 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.504518032 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.624288082 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.624371052 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.744046926 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.744254112 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.866100073 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.866157055 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:51.985960960 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:51.986176014 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.106153965 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.106239080 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.226125002 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.226208925 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.346268892 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.346504927 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.466445923 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.466522932 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.587155104 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.587239981 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.707062006 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.707144022 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.827049971 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.827124119 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:52.946974039 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:52.947065115 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.066966057 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.067039013 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.186875105 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.186942101 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.306732893 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.306817055 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.426738977 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.426826954 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.546905994 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.547111988 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.667267084 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.667362928 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.788989067 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.789098978 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:53.909089088 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:53.909178019 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.029207945 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.029316902 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.149231911 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.149884939 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.269846916 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.270025969 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.389965057 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.390055895 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.565159082 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.565232992 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.778631926 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.778728962 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:54.899250031 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:54.899353027 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.019201040 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.019278049 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.139122963 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.139183044 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.259031057 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.259145021 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.379054070 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.379123926 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.498943090 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.499044895 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.618953943 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.619028091 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.738872051 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.738950968 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.858979940 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.859072924 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:55.979124069 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:55.979203939 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.099148989 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.099251986 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.219027996 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.219084024 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.339019060 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.339121103 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.458976984 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.459100962 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.578983068 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.579904079 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.699824095 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.699891090 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.819741011 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.819825888 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:56.939707994 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:56.939981937 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.059835911 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.059948921 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.179830074 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.179913044 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.299827099 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.299894094 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.419620991 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.419796944 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.539691925 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.539813042 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.659836054 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.659986019 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.779838085 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.779982090 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:57.899936914 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:57.900078058 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.019963026 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.020101070 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.140245914 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.140322924 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.260401964 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.260494947 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.380233049 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.380299091 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.501044989 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.501127005 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.620945930 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.621042967 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.742105007 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.742183924 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.861840963 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.862019062 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:58.981697083 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:58.981760025 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.101483107 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.101543903 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.221443892 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.221513033 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.341285944 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.341378927 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.461178064 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.461261034 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.581116915 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.581193924 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.700925112 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.700997114 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.820712090 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.820897102 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:36:59.940768957 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:36:59.940860033 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.060842037 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.060913086 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.180721998 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.180788040 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.300545931 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.300607920 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.420494080 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.420607090 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.540596962 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.540806055 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.661046982 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.661149025 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.781220913 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.781294107 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:00.901000977 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:00.901071072 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.021990061 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.022094011 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.141880035 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.141963959 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.262046099 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.262248039 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.381995916 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.403673887 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.523452997 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.523536921 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.643389940 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.781877995 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:01.901812077 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:01.901870012 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.021756887 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.078659058 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.198682070 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.198869944 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.318840981 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.318924904 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.439023972 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.439250946 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.559727907 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.559801102 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.679560900 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.679644108 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.799436092 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.799547911 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:02.919444084 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:02.919527054 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:03.039366007 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:03.103323936 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:03.223072052 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:03.450165987 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:03.569947004 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:03.779339075 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:03.899318933 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:03.899394989 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.019170046 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.019293070 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.139123917 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.139179945 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.258940935 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.258992910 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.378715992 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.378782034 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.498558044 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.498627901 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.618463993 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.618530035 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.738315105 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.739062071 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:04.858760118 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:04.923458099 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.043155909 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.043231964 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.163099051 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.163186073 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.282973051 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.284506083 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.404308081 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.404536963 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.524347067 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.524549007 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.644244909 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.644309044 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.764327049 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.764508963 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:05.884341002 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:05.884402990 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:06.004271984 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:06.555099964 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:06.674896002 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:06.725843906 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:06.845701933 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:06.845815897 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:06.966140032 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:06.966206074 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.086477995 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.086545944 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.206218004 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.206306934 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.325949907 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.326075077 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.445952892 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.446021080 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.568497896 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.568568945 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.688316107 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.688395023 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.808307886 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.808417082 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:07.928272963 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:07.928335905 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.048139095 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.048217058 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.168071032 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.168236971 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.287976980 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.288043976 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.408128977 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.408238888 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.528032064 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.528170109 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.690691948 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.690764904 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:08.890697956 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:08.890786886 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:09.198189974 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:09.198311090 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:09.446667910 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:09.446758986 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:09.690700054 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:09.690963030 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:09.938843966 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:09.938937902 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:10.190918922 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:10.191032887 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:10.438715935 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:10.438822031 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:10.682790041 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:10.682878017 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:10.926754951 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:10.926853895 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:11.174736023 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:11.174845934 CET499187445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:11.418679953 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:11.697854996 CET744549918147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:13.704061985 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:13.823908091 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:13.824029922 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:13.833376884 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:13.955560923 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:13.955622911 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:14.075320959 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:14.341659069 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:14.461374998 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:14.692656994 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:14.812378883 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:14.812525034 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:14.932872057 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:14.932944059 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.053262949 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.053384066 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.173782110 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.173890114 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.293739080 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.293910027 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.413733006 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.485726118 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.605484009 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.609107971 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.728873014 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.732637882 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.852431059 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.856525898 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:15.976234913 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:15.976322889 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.096062899 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.096153021 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.215946913 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.216074944 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.336009979 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.336611032 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.456345081 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.458214998 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.577953100 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.578010082 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.697786093 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.697871923 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.817744970 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.817827940 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:16.937608004 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:16.937833071 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:17.057996988 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:17.058290958 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:17.178148031 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:17.178508043 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:17.298233986 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:35.716320992 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:35.716465950 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:37.729932070 CET499747445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:37.731642962 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:37.849674940 CET744549974147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:37.851428986 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:37.851547003 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:37.854336977 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:37.974081039 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:37.974198103 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:38.093957901 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:40.746804953 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:37:40.866642952 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:59.748842955 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:37:59.748925924 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:01.761576891 CET499827445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:01.768323898 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:01.881431103 CET744549982147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:01.888499975 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:01.888600111 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:01.892720938 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:02.012399912 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:02.012478113 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:02.132237911 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:09.308963060 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:09.428663969 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:11.948762894 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:12.068614960 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:19.652154922 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:19.771929026 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:19.917661905 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:20.037344933 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:21.152158022 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:21.272031069 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:21.277702093 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:21.397670031 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:21.890778065 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.010658979 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.010787964 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.130496025 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.130594015 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.250403881 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.250622988 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.370409012 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.370485067 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.490326881 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.490575075 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.610380888 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.610642910 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.730429888 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.730515957 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.850450993 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.850528002 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:22.970293999 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:22.970376968 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.090729952 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.091008902 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.210791111 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.211097002 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.330878973 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.331099987 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.450756073 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.450839996 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.570661068 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.570734978 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.691066027 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.691382885 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.781857014 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.781961918 CET499837445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:23.811157942 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:23.902342081 CET744549983147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:25.794576883 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:25.914376020 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:25.914608955 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:25.917926073 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.037602901 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.037672997 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.157430887 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.157579899 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.277482033 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.277575016 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.397351980 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.397500038 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.517498970 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.517761946 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.637670040 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.637748003 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.757544994 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.757647038 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.877434969 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.877521992 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:26.998812914 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:26.998958111 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.120419025 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.120546103 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.240329027 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.240628004 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.360650063 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.360794067 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.480493069 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.480576992 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.600366116 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.600444078 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.720235109 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.720396042 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.840197086 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.840281010 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:27.960042953 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:27.960144043 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.079946995 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.080018044 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.199799061 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.199927092 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.319664955 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.319740057 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.439414024 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.439485073 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.559381962 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.559457064 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.679622889 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.679790020 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.799631119 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.799731016 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:28.919544935 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:28.919794083 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.039536953 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.039629936 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.159425020 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.159523010 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.280734062 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.284634113 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.404480934 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.404757977 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.524612904 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.524701118 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.644581079 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.646966934 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.766959906 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.767035961 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:29.886874914 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:29.886954069 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:30.006922960 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:30.457612038 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:30.577399969 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:30.577472925 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:30.697211981 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:30.728310108 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:30.848316908 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:30.848414898 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:30.968295097 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:30.968416929 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.088135004 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.088385105 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.208084106 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.208161116 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.327951908 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.328017950 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.447805882 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.448015928 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.567797899 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.567924023 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.687860966 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.687939882 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.807609081 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.807676077 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:31.927673101 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:31.927756071 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.047489882 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.047605038 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.228760958 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.228904009 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.430864096 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.430953979 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.552608013 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.552689075 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.672513962 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.672584057 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.792367935 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:32.792440891 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:32.912164927 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:33.461962938 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:33.585901022 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:33.586026907 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:33.705827951 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:33.736205101 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:33.855984926 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:33.856054068 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:33.975871086 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:33.975945950 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.095662117 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.095721960 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.215476036 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.215548038 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.335396051 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.335460901 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.455259085 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.455343962 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.575673103 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.575742960 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.695350885 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.695466042 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.815207005 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.816601992 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:34.936372995 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:34.939286947 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.059072971 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.059134960 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.178941011 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.179053068 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.298772097 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.298847914 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.418545961 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.420605898 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.540422916 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.540743113 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.660458088 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.660537958 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.780263901 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:35.780316114 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:35.900257111 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:36.594204903 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:36.714020014 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:36.714102030 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:36.833904982 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:36.833998919 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:36.954116106 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:36.954263926 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.074033022 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.074139118 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.194418907 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.194494963 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.314143896 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.314230919 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.433976889 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.434046984 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.553885937 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.554040909 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.673836946 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.673921108 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.793693066 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.805077076 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:37.924849987 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:37.924938917 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.044668913 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.044754982 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.164432049 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.164556026 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.284199953 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.284275055 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.403944016 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.404022932 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.523793936 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.523932934 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.643822908 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.643899918 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.763688087 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.763761044 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:38.883502960 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:38.918756962 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.038559914 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.038628101 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.158616066 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.158680916 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.278422117 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.278491020 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.398211956 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.425251007 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.550364971 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.550455093 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.670516014 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.670586109 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.790390968 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.790482044 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:39.910217047 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:39.910378933 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.030100107 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.030170918 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.150064945 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.150165081 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.270040035 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.270133972 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.389978886 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.390070915 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.509896040 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.510020018 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.629982948 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.630048037 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.749862909 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:40.749933958 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:40.869766951 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:41.573107958 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:41.692806959 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:41.692900896 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:41.812777042 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:41.812901974 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:41.932586908 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:41.932715893 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.052424908 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.052515984 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.172214985 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.172338963 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.292069912 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.292202950 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.412115097 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.412235975 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.531927109 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.532046080 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.651705027 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.651777983 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.771473885 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.771538019 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:42.891170979 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:42.891252995 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.010992050 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.011143923 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.130871058 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.130940914 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.250835896 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.250899076 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.370609999 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.370670080 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.490413904 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.490479946 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.611201048 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.611342907 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.917339087 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:43.948508024 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:43.948688030 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.037174940 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.068428993 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.366048098 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.485771894 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.485827923 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.605639935 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.605716944 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.725413084 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.725488901 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.845200062 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.845411062 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:44.965114117 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:44.965183973 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.084924936 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.084997892 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.204766035 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.204853058 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.324517012 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.328944921 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.449101925 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.449220896 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.569144964 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.569348097 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.689097881 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.689162970 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.808886051 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.808962107 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:45.928615093 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:45.928694010 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.048371077 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.048461914 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.168220997 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.168340921 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.288037062 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.288114071 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.451026917 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.451083899 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.651139021 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.651256084 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:46.895127058 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:46.988194942 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:47.235054016 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:47.235111952 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:47.479161024 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:47.479222059 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:47.719109058 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:47.719238997 CET499847445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:47.798472881 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:47.838938951 CET744549984147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:49.809762955 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:49.929477930 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:49.929586887 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:49.932509899 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.052217007 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.052309990 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.173583984 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.173698902 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.293673038 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.293798923 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.413501024 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.413573027 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.533328056 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.557818890 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.677433968 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.677556038 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.797255039 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.797378063 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:50.917037964 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:50.917150021 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.036880016 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.036956072 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.156626940 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.156780958 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.277355909 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.277467966 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.397300959 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.397440910 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.517206907 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.517318964 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.637026072 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.637111902 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.756979942 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.757124901 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.876894951 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.876982927 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:51.996809006 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:51.996915102 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.116705894 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.116872072 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.236735106 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.236826897 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.356750965 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.356910944 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.476774931 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.476867914 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.596725941 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.596853018 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.716535091 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.716619015 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.836301088 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.836386919 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:52.956267118 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:52.956402063 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.076226950 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.076334953 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.196305990 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.196428061 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.316440105 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.316540956 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.436322927 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.436409950 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.556258917 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.556427956 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.676518917 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.676692963 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.796749115 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.796859980 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:53.917049885 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:53.917138100 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.036943913 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.040693045 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.160713911 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.161022902 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.280843973 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.280953884 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.400691986 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.400818110 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.520598888 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.520678997 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.640516043 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.640630960 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.761269093 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.761413097 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:54.881213903 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:54.881313086 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.001220942 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.001297951 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.121049881 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.121124983 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.240825891 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.241086960 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.360846996 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.361078978 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.480815887 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.480959892 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.600845098 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.679111958 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.799197912 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.799283981 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:55.919266939 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:55.919370890 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.039175987 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.039374113 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.159193993 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.159296036 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.279279947 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.279356956 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.399184942 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.399269104 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.519134045 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.519280910 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.639300108 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.639413118 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.759325027 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.759402990 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:56.879265070 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:56.879354954 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.011250019 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.011327028 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.252171993 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.252331972 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.372993946 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.373085976 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.493036985 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.493227959 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.613023996 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.613110065 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.733000994 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.733110905 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.852857113 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:57.852958918 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:57.972712040 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.055121899 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.174892902 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.175045013 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.294802904 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.294874907 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.414726973 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.414859056 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.534667015 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.534749985 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.654820919 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.654890060 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.774691105 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.774769068 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:58.894526005 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:58.894612074 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.014363050 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.014502048 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.134459972 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.134537935 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.254313946 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.254450083 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.374403954 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.374648094 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.494390011 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.494554043 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.614468098 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.614548922 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.734474897 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.734560013 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.854387045 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.854520082 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:38:59.974247932 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:38:59.974400043 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.094202042 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.094297886 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.214168072 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.214235067 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.334111929 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.334189892 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.454085112 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.454154968 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.573926926 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.574073076 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.693840981 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.693908930 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.813739061 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.856858015 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:00.976634026 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:00.976758957 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.096478939 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:01.096574068 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.216650009 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:01.216819048 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.337486029 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:01.379376888 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.499669075 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:01.499735117 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.619477987 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:01.859121084 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:01.978832960 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:02.111655951 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:02.231445074 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.351227999 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:03.470999956 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.471115112 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:03.590950012 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.591070890 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:03.710872889 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.711018085 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:03.830820084 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.830904007 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:03.950650930 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:03.950776100 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.070492029 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.070600033 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.190349102 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.190502882 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.310249090 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.310385942 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.430165052 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.467004061 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.586898088 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.586982012 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.706919909 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.707029104 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.826906919 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.827039957 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:04.947679996 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:04.947752953 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:05.067526102 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:05.067617893 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:05.189193010 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:05.189260960 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:05.312318087 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:05.312410116 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:05.433372974 CET744549985147.185.221.20192.168.2.5
                    Dec 16, 2024 07:39:05.433454037 CET499857445192.168.2.5147.185.221.20
                    Dec 16, 2024 07:39:05.555901051 CET744549985147.185.221.20192.168.2.5

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Dec 16, 2024 07:35:13.288050890 CET5718653192.168.2.51.1.1.1
                    Dec 16, 2024 07:35:13.539033890 CET53571861.1.1.1192.168.2.5

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Dec 16, 2024 07:35:13.288050890 CET192.168.2.51.1.1.10x5bd7Standard query (0)pool-tournaments.gl.at.ply.ggA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Dec 16, 2024 07:35:13.539033890 CET1.1.1.1192.168.2.50x5bd7No error (0)pool-tournaments.gl.at.ply.gg147.185.221.20A (IP address)IN (0x0001)false

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:01:34:57
                    Start date:16/12/2024
                    Path:C:\Users\user\Desktop\lastest.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\lastest.exe"
                    Imagebase:0x3a0000
                    File size:37'888 bytes
                    MD5 hash:D51FF4DDC2F854CA93E0F1D04B73F29E
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, Author: unknown
                    • Rule: njrat1, Description: Identify njRat, Source: 00000000.00000000.2024274228.00000000003A2000.00000002.00000001.01000000.00000003.sdmp, Author: Brian Wallace @botnet_hunter
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:2
                    Start time:01:35:03
                    Start date:16/12/2024
                    Path:C:\Users\user\AppData\Roaming\svchost.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\svchost.exe"
                    Imagebase:0x7ff6d64d0000
                    File size:37'888 bytes
                    MD5 hash:D51FF4DDC2F854CA93E0F1D04B73F29E
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: 00000002.00000002.4496200997.0000000003A41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_Njrat, Description: Yara detected Njrat, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: Joe Security
                    • Rule: Windows_Trojan_Njrat_30f3c220, Description: unknown, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: unknown
                    • Rule: njrat1, Description: Identify njRat, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: Brian Wallace @botnet_hunter
                    • Rule: MALWARE_Win_NjRAT, Description: Detects NjRAT / Bladabindi, Source: C:\Users\user\AppData\Roaming\svchost.exe, Author: ditekSHen
                    Antivirus matches:
                    • Detection: 100%, Avira
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 97%, ReversingLabs
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:3
                    Start time:01:35:09
                    Start date:16/12/2024
                    Path:C:\Windows\SysWOW64\netsh.exe
                    Wow64 process (32bit):true
                    Commandline:netsh firewall add allowedprogram "C:\Users\user\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE
                    Imagebase:0x1080000
                    File size:82'432 bytes
                    MD5 hash:4E89A1A088BE715D6C946E55AB07C7DF
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:4
                    Start time:01:35:09
                    Start date:16/12/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:5
                    Start time:01:35:09
                    Start date:16/12/2024
                    Path:C:\Windows\SysWOW64\taskkill.exe
                    Wow64 process (32bit):true
                    Commandline:taskkill /F /IM ApplicationFrameHost.exe
                    Imagebase:0xf20000
                    File size:74'240 bytes
                    MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:6
                    Start time:01:35:09
                    Start date:16/12/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:8
                    Start time:01:35:20
                    Start date:16/12/2024
                    Path:C:\Users\user\AppData\Roaming\svchost.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\svchost.exe" ..
                    Imagebase:0x10000
                    File size:37'888 bytes
                    MD5 hash:D51FF4DDC2F854CA93E0F1D04B73F29E
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:9
                    Start time:01:35:28
                    Start date:16/12/2024
                    Path:C:\Users\user\AppData\Roaming\svchost.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\svchost.exe" ..
                    Imagebase:0x780000
                    File size:37'888 bytes
                    MD5 hash:D51FF4DDC2F854CA93E0F1D04B73F29E
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:10
                    Start time:01:35:37
                    Start date:16/12/2024
                    Path:C:\Users\user\AppData\Roaming\svchost.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\svchost.exe" ..
                    Imagebase:0xca0000
                    File size:37'888 bytes
                    MD5 hash:D51FF4DDC2F854CA93E0F1D04B73F29E
                    Has elevated privileges:false
                    Has administrator privileges:false
                    Programmed in:C, C++ or other language
                    Reputation:low
                    Has exited:true

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:7.4%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:37
                      Total number of Limit Nodes:1
                      execution_graph 1799 c7aa07 1800 c7aa3e CopyFileW 1799->1800 1802 c7aa8e 1800->1802 1759 c7a8c6 1760 c7a8ef SetFileAttributesW 1759->1760 1762 c7a90b 1760->1762 1763 c7ac46 1764 c7ac6c ShellExecuteExW 1763->1764 1766 c7ac88 1764->1766 1767 c7a646 1769 c7a67e CreateMutexW 1767->1769 1770 c7a6c1 1769->1770 1807 c7a8a4 1808 c7a8c6 SetFileAttributesW 1807->1808 1810 c7a90b 1808->1810 1811 c7ac24 1814 c7ac46 ShellExecuteExW 1811->1814 1813 c7ac88 1814->1813 1791 c7a462 1792 c7a486 RegSetValueExW 1791->1792 1794 c7a507 1792->1794 1795 c7a361 1796 c7a392 RegQueryValueExW 1795->1796 1798 c7a41b 1796->1798 1787 c7a2d2 1788 c7a2d6 SetErrorMode 1787->1788 1790 c7a33f 1788->1790 1803 c7a612 1805 c7a646 CreateMutexW 1803->1805 1806 c7a6c1 1805->1806 1779 c7a2fe 1780 c7a353 1779->1780 1781 c7a32a SetErrorMode 1779->1781 1780->1781 1782 c7a33f 1781->1782 1783 c7aa3e 1785 c7aa67 CopyFileW 1783->1785 1786 c7aa8e 1785->1786

                      Callgraph

                      • Executed
                      • Not Executed
                      • Opacity -> Relevance
                      • Disassembly available
                      callgraph 0 Function_00FF067F 1 Function_00C7A7C7 2 Function_00C7ACC7 3 Function_00C7A646 4 Function_00C7A8C6 5 Function_00C7AC46 6 Function_00C72044 7 Function_00C7A540 8 Function_00C7AACF 9 Function_00C7A74E 10 Function_00FF0074 11 Function_00FF026D 12 Function_00FF066A 13 Function_00C7A2D2 14 Function_00C7A952 15 Function_00C720D0 16 Function_00C7A25E 17 Function_00C7A45C 18 Function_00C72458 19 Function_00FF05DF 20 Function_00F70E55 21 Function_00C72364 22 Function_00C72264 23 Function_00C7A462 24 Function_00C7A361 25 Function_00C7AAE1 26 Function_00F70F50 27 Function_00C7A56E 28 Function_00F7075A 29 Function_00F70F58 30 Function_00FF05CF 31 Function_00C7A1F4 32 Function_00C7AB74 33 Function_00C723F4 34 Function_00C7A172 35 Function_00FF0649 35->12 36 Function_00F70D40 37 Function_00C721F0 38 Function_00C7A2FE 39 Function_00C7A97E 40 Function_00C7247C 41 Function_00C7ACFA 42 Function_00FF0040 43 Function_00FF0740 44 Function_00C7A078 45 Function_00FF05BF 46 Function_00C7AA07 47 Function_00C7A486 48 Function_00C7AB06 49 Function_00C7A005 50 Function_00C72005 51 Function_00F703BD 51->19 52 Function_00F70938 51->52 81 Function_00FF0606 51->81 52->19 52->81 53 Function_00C72194 54 Function_00C7A392 55 Function_00F70C22 56 Function_00C7A612 57 Function_00C7AC11 58 Function_00C7A710 59 Function_00C72310 60 Function_00C7A81E 61 Function_00C7AB9E 62 Function_00C7A09A 63 Function_00C7269A 64 Function_00C72619 65 Function_00F70BA8 66 Function_00C72098 67 Function_00F70014 68 Function_00C7A8A4 69 Function_00C7AC24 70 Function_00F70310 70->19 70->52 70->81 71 Function_00C7A120 72 Function_00C7A02E 73 Function_00F70699 74 Function_00F70D98 75 Function_00FF0710 76 Function_00F70F05 77 Function_00C722B4 78 Function_00F70B03 79 Function_00F70301 79->19 79->52 79->81 80 Function_00C72430 82 Function_00C7AA3E 83 Function_00F70C8D 84 Function_00C7A23C 85 Function_00C723BC 86 Function_00C7213C 87 Function_00F70889 87->19 87->81 88 Function_00FF0000

                      Executed Functions

                      Function 00C7A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 c7a612-c7a695 4 c7a697 0->4 5 c7a69a-c7a6a3 0->5 4->5 6 c7a6a5 5->6 7 c7a6a8-c7a6b1 5->7 6->7 8 c7a6b3-c7a6d7 CreateMutexW 7->8 9 c7a702-c7a707 7->9 12 c7a709-c7a70e 8->12 13 c7a6d9-c7a6ff 8->13 9->8 12->13
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 00C7A6B9
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 08b4c8887f07d0f7d553af92b1544a9faad848fc8e5cb85dc905245d134353ab
                      • Instruction ID: 7606bb7612659ff5ab5a0f0aea20ab0bfb367a4c02e7ac565b98d46c62cc9b74
                      • Opcode Fuzzy Hash: 08b4c8887f07d0f7d553af92b1544a9faad848fc8e5cb85dc905245d134353ab
                      • Instruction Fuzzy Hash: 1E3193B15093805FE721CB25DD85B96BFF8EF06314F08849AE984CB292D375E909C762
                      Function 00C7A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 16 c7a361-c7a3cf 19 c7a3d4-c7a3dd 16->19 20 c7a3d1 16->20 21 c7a3e2-c7a3e8 19->21 22 c7a3df 19->22 20->19 23 c7a3ed-c7a404 21->23 24 c7a3ea 21->24 22->21 26 c7a406-c7a419 RegQueryValueExW 23->26 27 c7a43b-c7a440 23->27 24->23 28 c7a442-c7a447 26->28 29 c7a41b-c7a438 26->29 27->26 28->29
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,9BE7C2D0,00000000,00000000,00000000,00000000), ref: 00C7A40C
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 5f00d7345917512f584228fa89b64d84b5afaf163128d6f9adab2a633c7abdc5
                      • Instruction ID: 497c2fef84f7dd57f20b3d5a4b24035c348f7e30aa7d0d5a8e6ffb43a1e17f49
                      • Opcode Fuzzy Hash: 5f00d7345917512f584228fa89b64d84b5afaf163128d6f9adab2a633c7abdc5
                      • Instruction Fuzzy Hash: 3F318175509780AFE721CF15CC84F96BBFCEF46310F08849AE9459B2A2D364E909CB72
                      Function 00C7A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 33 c7a462-c7a4c3 36 c7a4c5 33->36 37 c7a4c8-c7a4d4 33->37 36->37 38 c7a4d6 37->38 39 c7a4d9-c7a4f0 37->39 38->39 41 c7a527-c7a52c 39->41 42 c7a4f2-c7a505 RegSetValueExW 39->42 41->42 43 c7a507-c7a524 42->43 44 c7a52e-c7a533 42->44 44->43
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,9BE7C2D0,00000000,00000000,00000000,00000000), ref: 00C7A4F8
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 4640f258ea0c6a66bdd18442a4a9cd49680121024918179f91c0e75de97f5d98
                      • Instruction ID: 69e376672e9864f691c9674aee925381eed029668455b80c8d17335aac23d74e
                      • Opcode Fuzzy Hash: 4640f258ea0c6a66bdd18442a4a9cd49680121024918179f91c0e75de97f5d98
                      • Instruction Fuzzy Hash: 3621A1B21047806FD7228B15CC44F67BFB8DF46210F08849AE9459B692D274E908CB71
                      Function 00C7AA07 Relevance: 1.6, APIs: 1, Instructions: 72fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 63 c7aa07-c7aa65 65 c7aa67 63->65 66 c7aa6a-c7aa70 63->66 65->66 67 c7aa75-c7aa7e 66->67 68 c7aa72 66->68 69 c7aac1-c7aac6 67->69 70 c7aa80-c7aaa0 CopyFileW 67->70 68->67 69->70 73 c7aaa2-c7aabe 70->73 74 c7aac8-c7aacd 70->74 74->73
                      APIs
                      • CopyFileW.KERNELBASE(?,?,?), ref: 00C7AA86
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: CopyFile
                      • String ID:
                      • API String ID: 1304948518-0
                      • Opcode ID: 90b95da32c52d9bcb61a8952c835cc5fff6c5ea7651fdef386c52af9599d5a3e
                      • Instruction ID: ea8d359aa8bf1fc787497e3e37eb8bf2313886dcc12f0523f242207706fbf2af
                      • Opcode Fuzzy Hash: 90b95da32c52d9bcb61a8952c835cc5fff6c5ea7651fdef386c52af9599d5a3e
                      • Instruction Fuzzy Hash: 0921B3B25083809FD711CB25DD44B56BFF8EF56324F0984DAE848CB263D234E908DB61
                      Function 00C7A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 48 c7a646-c7a695 51 c7a697 48->51 52 c7a69a-c7a6a3 48->52 51->52 53 c7a6a5 52->53 54 c7a6a8-c7a6b1 52->54 53->54 55 c7a6b3-c7a6bb CreateMutexW 54->55 56 c7a702-c7a707 54->56 58 c7a6c1-c7a6d7 55->58 56->55 59 c7a709-c7a70e 58->59 60 c7a6d9-c7a6ff 58->60 59->60
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 00C7A6B9
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 2dd0806ddd982681112858f7bb22b91f7968f0e52f067547296e175c5cffce2b
                      • Instruction ID: 90be917702d37ecdc6aedf6e44e8df73004be6ac7c3e8d6c9fb07560b3338a4b
                      • Opcode Fuzzy Hash: 2dd0806ddd982681112858f7bb22b91f7968f0e52f067547296e175c5cffce2b
                      • Instruction Fuzzy Hash: 5821C5716002049FE720DF25DD85B9AFBE8EF44314F08C869ED488B741D775E904CA72
                      Function 00C7A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 76 c7a392-c7a3cf 78 c7a3d4-c7a3dd 76->78 79 c7a3d1 76->79 80 c7a3e2-c7a3e8 78->80 81 c7a3df 78->81 79->78 82 c7a3ed-c7a404 80->82 83 c7a3ea 80->83 81->80 85 c7a406-c7a419 RegQueryValueExW 82->85 86 c7a43b-c7a440 82->86 83->82 87 c7a442-c7a447 85->87 88 c7a41b-c7a438 85->88 86->85 87->88
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,9BE7C2D0,00000000,00000000,00000000,00000000), ref: 00C7A40C
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: ffeb850c336ecce48b2e04a4f24002afd42e8dd9044493fcdc9764e4260de459
                      • Instruction ID: c12a4885d95517d8bef2913b9e715a7e3b1e4fec84b8487e61272b06b2c59dd4
                      • Opcode Fuzzy Hash: ffeb850c336ecce48b2e04a4f24002afd42e8dd9044493fcdc9764e4260de459
                      • Instruction Fuzzy Hash: A3216D75600604AEE720CF15CD84FA6B7ECEF44710F08C46AE9499B651D775E909CA72
                      Function 00C7A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 92 c7a486-c7a4c3 94 c7a4c5 92->94 95 c7a4c8-c7a4d4 92->95 94->95 96 c7a4d6 95->96 97 c7a4d9-c7a4f0 95->97 96->97 99 c7a527-c7a52c 97->99 100 c7a4f2-c7a505 RegSetValueExW 97->100 99->100 101 c7a507-c7a524 100->101 102 c7a52e-c7a533 100->102 102->101
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,9BE7C2D0,00000000,00000000,00000000,00000000), ref: 00C7A4F8
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: f1346a359d7af3e0002323f3639de00eb3d24525ebba4eef2465dfed9135fd4f
                      • Instruction ID: cddc00ae93fdd7cb6076746aaf7642e08b78309b04e0dbbe4a3945096403483d
                      • Opcode Fuzzy Hash: f1346a359d7af3e0002323f3639de00eb3d24525ebba4eef2465dfed9135fd4f
                      • Instruction Fuzzy Hash: BC11AFB2500704AFE731CE15CD45BABBBECEF44714F04C46AE9499A791D375E9088AB2
                      Function 00C7A2D2 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 106 c7a2d2-c7a2d4 107 c7a2d6-c7a2dd 106->107 108 c7a2de-c7a328 106->108 107->108 110 c7a353-c7a358 108->110 111 c7a32a-c7a33d SetErrorMode 108->111 110->111 112 c7a33f-c7a352 111->112 113 c7a35a-c7a35f 111->113 113->112
                      APIs
                      • SetErrorMode.KERNELBASE(?), ref: 00C7A330
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 7f6d10525cf21a588ef4fcb84f3ea568328849e93d308bb7490500fc9ae1eea6
                      • Instruction ID: e175710810b1a7d87e66980bc4d37afc1313943c9854d8480378c945021ac591
                      • Opcode Fuzzy Hash: 7f6d10525cf21a588ef4fcb84f3ea568328849e93d308bb7490500fc9ae1eea6
                      • Instruction Fuzzy Hash: 8E213A7140E3C0AFD7138B25DC55A66BFB49F47224F0D84DBDD848F2A3D269A808DB62
                      Function 00C7AC24 Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 116 c7ac24-c7ac6a 118 c7ac6f-c7ac78 116->118 119 c7ac6c 116->119 120 c7ac7a-c7ac9a ShellExecuteExW 118->120 121 c7acb9-c7acbe 118->121 119->118 124 c7acc0-c7acc5 120->124 125 c7ac9c-c7acb8 120->125 121->120 124->125
                      APIs
                      • ShellExecuteExW.SHELL32(?), ref: 00C7AC80
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: ExecuteShell
                      • String ID:
                      • API String ID: 587946157-0
                      • Opcode ID: c01538a79ffd4fec7a823c974c928ce01705315dad029e6e11cb062f50124fca
                      • Instruction ID: 33b287182be85e0cea5426da2e2560b792d45f80e69fabcd7ddaedf3c83a005e
                      • Opcode Fuzzy Hash: c01538a79ffd4fec7a823c974c928ce01705315dad029e6e11cb062f50124fca
                      • Instruction Fuzzy Hash: D4116071609384AFD712CB25DC94B56BFF8DF56220F0884EAED49CB252D275E908CB62
                      Function 00C7A8A4 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 127 c7a8a4-c7a8ed 129 c7a8f2-c7a8fb 127->129 130 c7a8ef 127->130 131 c7a8fd-c7a91d SetFileAttributesW 129->131 132 c7a93c-c7a941 129->132 130->129 135 c7a943-c7a948 131->135 136 c7a91f-c7a93b 131->136 132->131 135->136
                      APIs
                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00C7A903
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: e660f86eb67d1ef726d9eaf6764ddb0f052490e444bc56380807c381cc46a0fc
                      • Instruction ID: 9b488b47dc1fea84464eef9bbd2abc985143a731f2a8995d072c103f66094541
                      • Opcode Fuzzy Hash: e660f86eb67d1ef726d9eaf6764ddb0f052490e444bc56380807c381cc46a0fc
                      • Instruction Fuzzy Hash: DB11B6715043809FD711CF25DC84B56BFE8EF46320F0984AEED45CB252D274E954CB62
                      Function 00C7AA3E Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 138 c7aa3e-c7aa65 139 c7aa67 138->139 140 c7aa6a-c7aa70 138->140 139->140 141 c7aa75-c7aa7e 140->141 142 c7aa72 140->142 143 c7aac1-c7aac6 141->143 144 c7aa80-c7aa88 CopyFileW 141->144 142->141 143->144 146 c7aa8e-c7aaa0 144->146 147 c7aaa2-c7aabe 146->147 148 c7aac8-c7aacd 146->148 148->147
                      APIs
                      • CopyFileW.KERNELBASE(?,?,?), ref: 00C7AA86
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: CopyFile
                      • String ID:
                      • API String ID: 1304948518-0
                      • Opcode ID: 59fdc04d2d3c805bf2ff890a80b8757bc79257221a1d3b95f5f31ab3d1c59e66
                      • Instruction ID: 91d64622319b92d8891bc113225fd9c1e0ca3351ea48580458da26bde1abf51f
                      • Opcode Fuzzy Hash: 59fdc04d2d3c805bf2ff890a80b8757bc79257221a1d3b95f5f31ab3d1c59e66
                      • Instruction Fuzzy Hash: 93117C726002409FEB20CF2AD984B5ABBE8EF44720F08C46ADC09CB651E274E914DF62
                      Function 00C7A8C6 Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 150 c7a8c6-c7a8ed 151 c7a8f2-c7a8fb 150->151 152 c7a8ef 150->152 153 c7a8fd-c7a905 SetFileAttributesW 151->153 154 c7a93c-c7a941 151->154 152->151 156 c7a90b-c7a91d 153->156 154->153 157 c7a943-c7a948 156->157 158 c7a91f-c7a93b 156->158 157->158
                      APIs
                      • SetFileAttributesW.KERNELBASE(?,?), ref: 00C7A903
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: a76c0c167d6235fd83763eade9c3ebbfc3d38a1b5d59f1ee44e76cc39a69d91e
                      • Instruction ID: c7302af777da249a0591ca088cfed904bc2bf168a87714d33312e7784ce943da
                      • Opcode Fuzzy Hash: a76c0c167d6235fd83763eade9c3ebbfc3d38a1b5d59f1ee44e76cc39a69d91e
                      • Instruction Fuzzy Hash: DF0192726002448FDB10CF29D98476AFBE8EF44324F08C4AADD49CB751E375E954CA62
                      Function 00C7AC46 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 160 c7ac46-c7ac6a 161 c7ac6f-c7ac78 160->161 162 c7ac6c 160->162 163 c7ac7a-c7ac82 ShellExecuteExW 161->163 164 c7acb9-c7acbe 161->164 162->161 165 c7ac88-c7ac9a 163->165 164->163 167 c7acc0-c7acc5 165->167 168 c7ac9c-c7acb8 165->168 167->168
                      APIs
                      • ShellExecuteExW.SHELL32(?), ref: 00C7AC80
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: ExecuteShell
                      • String ID:
                      • API String ID: 587946157-0
                      • Opcode ID: 09dc41b5b8ace4331ab51760376c44c1f29a5632f3d0ba33db8a9c403e673159
                      • Instruction ID: f97869ec281bb77fd6a21db608db4b153ee7610b4402afbca92a3aa4441f7fd9
                      • Opcode Fuzzy Hash: 09dc41b5b8ace4331ab51760376c44c1f29a5632f3d0ba33db8a9c403e673159
                      • Instruction Fuzzy Hash: 460192716042449FDB11CF6AD984756FBE8DF44320F08C4AADD09CB752E376E904CBA2
                      Function 00C7A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 170 c7a2fe-c7a328 171 c7a353-c7a358 170->171 172 c7a32a-c7a33d SetErrorMode 170->172 171->172 173 c7a33f-c7a352 172->173 174 c7a35a-c7a35f 172->174 174->173
                      APIs
                      • SetErrorMode.KERNELBASE(?), ref: 00C7A330
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091707111.0000000000C7A000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C7A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c7a000_lastest.jbxd
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 5fc7f907001666cbb114462bdca9f9f92decb3bb4253513b240046ac1336b3a7
                      • Instruction ID: 34ab6b4936c71e88a9efe8c798d4d65ba413d0c81400734746bd80b03baaa057
                      • Opcode Fuzzy Hash: 5fc7f907001666cbb114462bdca9f9f92decb3bb4253513b240046ac1336b3a7
                      • Instruction Fuzzy Hash: 43F0AF35904244CFDB20CF1AD984765FBE4EF44324F08C0AADD494B762E3B9E918DAA2
                      Function 00F70938 Relevance: .5, Instructions: 490COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 177 f70938-f70993 179 f70a2e-f70a30 177->179 180 f70999-f70a22 177->180 181 f70a37-f70a3c 179->181 329 f70a24 call ff05df 180->329 330 f70a24 call ff0606 180->330 182 f70a42-f70a7a 181->182 183 f70b1e-f70bc2 181->183 200 f70aa1-f70afc 182->200 201 f70a7c-f70a9a 182->201 221 f70c9e-f70ca7 183->221 222 f70bc8-f70c8b 183->222 238 f70b01 200->238 201->200 220 f70a2a-f70a2c 220->179 223 f70a32 220->223 225 f70d51-f70d5a 221->225 226 f70cad-f70d3e 221->226 222->221 223->181 227 f70d5c-f70d73 225->227 228 f70d7a-f70d83 225->228 226->225 227->228 231 f70d85-f70d96 228->231 232 f70da9-f70db2 228->232 231->232 236 f70f33-f70f3a 232->236 237 f70db8-f70e06 232->237 257 f70f1c-f70f2d 237->257 238->183 257->236 259 f70e0b-f70e14 257->259 261 f70f40-f70fd1 259->261 262 f70e1a-f70f1a 259->262 291 f70fd7-f70fe8 261->291 292 f710ca 261->292 262->257 311 f70f3b 262->311 299 f70fea-f7100b 291->299 294 f710cc-f710d3 292->294 306 f71012-f71048 299->306 307 f7100d 299->307 316 f7104f-f71077 306->316 317 f7104a 306->317 307->306 311->261 321 f7107d-f710a1 316->321 322 f71079-f7107b 316->322 317->316 325 f710a3-f710a8 321->325 326 f710aa-f710b4 321->326 322->294 325->294 327 f710b6-f710b8 326->327 328 f710ba-f710c4 326->328 327->294 328->292 328->299 329->220 330->220
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092103442.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5a295d7bc3e8ab3a0eac0ce5cc75d5b16da16435e2e44a8d688e6237f83f619
                      • Instruction ID: b1d83bf3f026202e7eed32f8a08256a71d1d2dc9a73dc02ca2e5d1073638392f
                      • Opcode Fuzzy Hash: b5a295d7bc3e8ab3a0eac0ce5cc75d5b16da16435e2e44a8d688e6237f83f619
                      • Instruction Fuzzy Hash: 38026D317002108FCB19EB78D455B6E77E6EF88319B20847AD406DB3A9DF399C46DB92
                      Function 00F70310 Relevance: .2, Instructions: 189COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092103442.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4c3bea4383435a1297fdef17aa66d35589a97d89307e6bba8bbf5e7c30118ec7
                      • Instruction ID: 500554414f61cec5f3473464bc5b8a2bdf6a21f17248c2c48ddd2dcb3b022530
                      • Opcode Fuzzy Hash: 4c3bea4383435a1297fdef17aa66d35589a97d89307e6bba8bbf5e7c30118ec7
                      • Instruction Fuzzy Hash: 3151F231B002108BDB18AB79D81177E76E7AF85348B54847AE406CF3E5DF39DC0697A6
                      Function 00F70014 Relevance: .2, Instructions: 179COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092103442.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 58241d81dd0a8b7542b3849b9ad6615b6c2810800ceb93378115988a67749350
                      • Instruction ID: 5f79756689acee38086bf3333b8229949612600892b2086fa93237be7e4c5320
                      • Opcode Fuzzy Hash: 58241d81dd0a8b7542b3849b9ad6615b6c2810800ceb93378115988a67749350
                      • Instruction Fuzzy Hash: 157165302093958FC715FB38E955A497BB2EF4224834588ABD444CF2ABDB785D4ECBD1
                      Function 00F703BD Relevance: .1, Instructions: 135COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092103442.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fe44beb99e8dd6a0a58b4c16dee64366b0e875ff458c30e16ebaaa4b963b2b95
                      • Instruction ID: 1b0cc12dc10ed1cf0e6bf986810912ae6d8558e3b257efb598d1cc697e090652
                      • Opcode Fuzzy Hash: fe44beb99e8dd6a0a58b4c16dee64366b0e875ff458c30e16ebaaa4b963b2b95
                      • Instruction Fuzzy Hash: 2F41EC31B001248B8B18BB7994117BD36D79FC4248B58843AE406DF3E5EF398D06A7A7
                      Function 00FF05DF Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092129608.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_ff0000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0f09d2756bc0042d4e7e300eff8e196396ac575680fbb1b2b3d87d5553a0c4ff
                      • Instruction ID: d84e94f9252ba91c35166ed72183b8bd6a37db55b970857dd67aeb55d030ed2f
                      • Opcode Fuzzy Hash: 0f09d2756bc0042d4e7e300eff8e196396ac575680fbb1b2b3d87d5553a0c4ff
                      • Instruction Fuzzy Hash: D501DB755497806FD7128F15AC40862FFF8DF86620B09C4AFEC498B752D2657809DB72
                      Function 00F70889 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092103442.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c852671bd6df4e08ee72a08edba387c715e61916d45b0a628ca526420b785a54
                      • Instruction ID: c144b1c3a587af58fc844b6201c87b5a78dedc99ade2c7f7642aab780f0db7b6
                      • Opcode Fuzzy Hash: c852671bd6df4e08ee72a08edba387c715e61916d45b0a628ca526420b785a54
                      • Instruction Fuzzy Hash: EB0156306083428FC711FB74D46855D7BF1EF8430CB45C86DE889CB3A5DB3588099B56
                      Function 00FF0606 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2092129608.0000000000FF0000.00000040.00000020.00020000.00000000.sdmp, Offset: 00FF0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_ff0000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b557402697377dd3aacf74a5ebbd5f46dd040cebb08493e638f54cf1b0e5b477
                      • Instruction ID: 1969577f0e9cc044e256ea89066ce0d5dba9aed60917fe3ceb9125f59f49536c
                      • Opcode Fuzzy Hash: b557402697377dd3aacf74a5ebbd5f46dd040cebb08493e638f54cf1b0e5b477
                      • Instruction Fuzzy Hash: 55E092BA6006404B9650DF0AEC81452F7D8EB84630B48C47FDC0D8BB11E275B508CAA5
                      Function 00C723F4 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091694811.0000000000C72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C72000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c72000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1e982977be7fa88096ec3e48247f04ea8d0079fef4d6a7c044eb2311b89ee962
                      • Instruction ID: 1dd47e0e129f50f805c8c6e4c95fb90454b41154af774467044110407be76eaa
                      • Opcode Fuzzy Hash: 1e982977be7fa88096ec3e48247f04ea8d0079fef4d6a7c044eb2311b89ee962
                      • Instruction Fuzzy Hash: A0D05E7A2056D18FD3269B1CC6A4B9937D4AB51718F4A84F9A804CB763C768DA81E610
                      Function 00C723BC Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2091694811.0000000000C72000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C72000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_c72000_lastest.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 997b7f278b1774fc4163daa70a78cc9ab5479650cb13d22e34b7e5daec7f25ea
                      • Instruction ID: a986dc8662d672153bf1b070e05ce73085dd233fb2326b41ed736c1af461b16d
                      • Opcode Fuzzy Hash: 997b7f278b1774fc4163daa70a78cc9ab5479650cb13d22e34b7e5daec7f25ea
                      • Instruction Fuzzy Hash: 0FD05E342006814BC725DA0CC2D4F5937D8AB40714F0684ECAC208B772C7A9D9C0DA00

                      Execution Graph

                      Execution Coverage:20.8%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:8%
                      Total number of Nodes:176
                      Total number of Limit Nodes:9
                      execution_graph 7810 332a172 7811 332a1c2 EnumWindows 7810->7811 7812 332a1ca 7811->7812 7649 332afb6 7652 332afeb GetFileType 7649->7652 7651 332b018 7652->7651 7817 60c1646 7819 60c167e ConvertStringSecurityDescriptorToSecurityDescriptorW 7817->7819 7820 60c16bf 7819->7820 7821 332a2fe 7822 332a353 7821->7822 7823 332a32a SetErrorMode 7821->7823 7822->7823 7824 332a33f 7823->7824 7653 60c3182 7654 60c31b7 ioctlsocket 7653->7654 7656 60c31e3 7654->7656 7825 60c01c2 7826 60c01f7 NtQuerySystemInformation 7825->7826 7827 60c0222 7825->7827 7828 60c020c 7826->7828 7827->7826 7657 332ba22 7659 332ba4b LookupPrivilegeValueW 7657->7659 7660 332ba72 7659->7660 7661 332bba2 7664 332bbd1 AdjustTokenPrivileges 7661->7664 7663 332bbf3 7664->7663 7829 60c325e 7831 60c3287 select 7829->7831 7832 60c32bc 7831->7832 7665 60c121a 7666 60c1252 WSASocketW 7665->7666 7668 60c128e 7666->7668 7669 60c1a9a 7670 60c1acf shutdown 7669->7670 7672 60c1af8 7670->7672 7673 332b32a 7675 332b35f WriteFile 7673->7675 7676 332b391 7675->7676 7677 60c3416 7680 60c344b SetProcessWorkingSetSize 7677->7680 7679 60c3477 7680->7679 7837 60c1d56 7839 60c1d91 getaddrinfo 7837->7839 7840 60c1e03 7839->7840 7685 332a392 7687 332a3c7 RegQueryValueExW 7685->7687 7688 332a41b 7687->7688 7841 332ab52 7842 332ab8a RegOpenKeyExW 7841->7842 7844 332abe0 7842->7844 7689 5c218e0 7690 5c2152a 7689->7690 7695 5c219b7 7690->7695 7700 5c21929 7690->7700 7705 5c21999 7690->7705 7710 5c219ca 7690->7710 7696 5c219be 7695->7696 7697 5c21b14 7696->7697 7715 5c22940 7696->7715 7719 5c22931 7696->7719 7701 5c21963 7700->7701 7702 5c21b14 7701->7702 7703 5c22940 2 API calls 7701->7703 7704 5c22931 2 API calls 7701->7704 7703->7702 7704->7702 7706 5c219a0 7705->7706 7707 5c21b14 7706->7707 7708 5c22940 2 API calls 7706->7708 7709 5c22931 2 API calls 7706->7709 7708->7707 7709->7707 7711 5c219d1 7710->7711 7712 5c21b14 7711->7712 7713 5c22940 2 API calls 7711->7713 7714 5c22931 2 API calls 7711->7714 7713->7712 7714->7712 7716 5c2296b 7715->7716 7717 5c229b3 7716->7717 7723 5c22f63 7716->7723 7717->7697 7720 5c22940 7719->7720 7721 5c229b3 7720->7721 7722 5c22f63 2 API calls 7720->7722 7721->7697 7722->7721 7724 5c22f8d 7723->7724 7728 60c1fc2 7724->7728 7732 60c2032 7724->7732 7725 5c22fc8 7725->7717 7729 60c2032 GetVolumeInformationA 7728->7729 7731 60c208a 7729->7731 7731->7725 7733 60c2082 GetVolumeInformationA 7732->7733 7734 60c208a 7733->7734 7734->7725 7735 332be16 7737 332be4b GetExitCodeProcess 7735->7737 7738 332be74 7737->7738 7845 332add6 7846 332adff CopyFileW 7845->7846 7848 332ae26 7846->7848 7849 60c026a 7850 60c02a8 DuplicateHandle 7849->7850 7852 60c02e0 7849->7852 7851 60c02b6 7850->7851 7852->7850 7853 60c1c6a 7854 60c1c9f GetProcessTimes 7853->7854 7856 60c1cd1 7854->7856 7739 332a09a 7740 332a107 7739->7740 7741 332a0cf send 7739->7741 7740->7741 7742 332a0dd 7741->7742 7857 332ac5a 7859 332ac83 SetFileAttributesW 7857->7859 7860 332ac9f 7859->7860 7743 5c2006b 7746 5c20076 7743->7746 7749 5c20368 7743->7749 7753 5c203bd 7743->7753 7757 5c2035b 7743->7757 7761 5c20509 7743->7761 7750 5c20387 7749->7750 7751 5c205bf 7750->7751 7765 5c21eaf 7750->7765 7751->7746 7755 5c203c4 7753->7755 7754 5c205bf 7754->7746 7755->7754 7756 5c21eaf 2 API calls 7755->7756 7756->7754 7759 5c20368 7757->7759 7758 5c205bf 7758->7746 7759->7758 7760 5c21eaf 2 API calls 7759->7760 7760->7758 7763 5c20510 7761->7763 7762 5c205bf 7762->7746 7763->7762 7764 5c21eaf 2 API calls 7763->7764 7764->7762 7766 5c21ee4 7765->7766 7767 5c21f01 7766->7767 7770 332bef2 7766->7770 7774 332bed0 7766->7774 7767->7751 7771 332bf52 7770->7771 7772 332bf27 NtSetInformationProcess 7770->7772 7771->7772 7773 332bf3c 7772->7773 7773->7767 7775 332bef2 NtSetInformationProcess 7774->7775 7777 332bf3c 7775->7777 7777->7767 7778 60c2226 7779 60c227e 7778->7779 7780 60c2255 CoGetObjectContext 7778->7780 7779->7780 7781 60c226a 7780->7781 7782 332ae9e 7785 332aed6 CreateFileW 7782->7785 7784 332af25 7785->7784 7786 60c22be 7788 60c22f9 LoadLibraryA 7786->7788 7789 60c2336 7788->7789 7864 60c00fe 7865 60c012a K32EnumProcesses 7864->7865 7867 60c0146 7865->7867 7790 332aa06 7791 332aa35 WaitForInputIdle 7790->7791 7792 332aa6b 7790->7792 7793 332aa43 7791->7793 7792->7791 7794 332a486 7795 332a4bb RegSetValueExW 7794->7795 7797 332a507 7795->7797 7868 332a646 7869 332a67e CreateMutexW 7868->7869 7871 332a6c1 7869->7871 7872 332b1ca 7873 332b1f6 FindClose 7872->7873 7874 332b228 7872->7874 7875 332b20b 7873->7875 7874->7873 7798 60c1f36 7799 60c1f6b WSAConnect 7798->7799 7801 60c1f8a 7799->7801 7876 60c17f6 7877 60c182e MapViewOfFile 7876->7877 7879 60c187d 7877->7879 7880 332a74e 7881 332a77a CloseHandle 7880->7881 7882 332a7b9 7880->7882 7883 332a788 7881->7883 7882->7881 7802 60c3332 7803 60c3367 GetProcessWorkingSetSize 7802->7803 7805 60c3393 7803->7805 7806 60c2fb2 7807 60c2fea RegCreateKeyExW 7806->7807 7809 60c305c 7807->7809

                      Executed Functions

                      Function 0332BB6B Relevance: 1.6, APIs: 1, Instructions: 75COMMON
                      Download Yara Rule
                      APIs
                      • AdjustTokenPrivileges.KERNELBASE ref: 0332BBEB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: AdjustPrivilegesToken
                      • String ID:
                      • API String ID: 2874748243-0
                      • Opcode ID: 30a1f5eab6530213af193ba9c9d3e7777fd3bd2abb87acc1273ff5eb9f8dcd02
                      • Instruction ID: 41dc28740ef67ba0ff805f73ea0a9e07cdc4c93ca1b6631c5145afe43f0f343c
                      • Opcode Fuzzy Hash: 30a1f5eab6530213af193ba9c9d3e7777fd3bd2abb87acc1273ff5eb9f8dcd02
                      • Instruction Fuzzy Hash: 3621BF755093849FDB22CF25DC80B52FFB8EF06310F0884DAE9858B163D275A818DB62
                      Function 060C0187 Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 060C01FD
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: InformationQuerySystem
                      • String ID:
                      • API String ID: 3562636166-0
                      • Opcode ID: 8ff1e44cacfa9936c925d2f077e2a7c829a9587ed5b98b9fe0563cd04e1578d1
                      • Instruction ID: 245b0dd50d543fae135af574ce8cfd8d2c16f646393de7dde92ca94a34a609ca
                      • Opcode Fuzzy Hash: 8ff1e44cacfa9936c925d2f077e2a7c829a9587ed5b98b9fe0563cd04e1578d1
                      • Instruction Fuzzy Hash: A221AE715097C0AFDB238B21DC45A52FFB0EF16224F0984CFE9854B1A3D266A91DDB62
                      Function 0332BBA2 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • AdjustTokenPrivileges.KERNELBASE ref: 0332BBEB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: AdjustPrivilegesToken
                      • String ID:
                      • API String ID: 2874748243-0
                      • Opcode ID: 5a943b62194595cb235019c9e6fc65240b0f33cabe8cd80422df751dd15a39f1
                      • Instruction ID: d0957249e56bb04d0547450585621cdff44bdc260f70e9f98996e16542c05103
                      • Opcode Fuzzy Hash: 5a943b62194595cb235019c9e6fc65240b0f33cabe8cd80422df751dd15a39f1
                      • Instruction Fuzzy Hash: 0D1170716002449FDB20CF55DD84B66FFE8EF04220F08C8AEED858B662D775E418DB61
                      Function 0332BED0 Relevance: 1.6, APIs: 1, Instructions: 50nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 0332BF2D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: InformationProcess
                      • String ID:
                      • API String ID: 1801817001-0
                      • Opcode ID: 9dc1ccc3cecdc475f48a5cd4b5d9f578a05a92b4acbd929c03d946390823bea0
                      • Instruction ID: 3bd00390ad602a55a0d4a91aac6e2bc6b80a94029eed9d9873f53eac3bda811e
                      • Opcode Fuzzy Hash: 9dc1ccc3cecdc475f48a5cd4b5d9f578a05a92b4acbd929c03d946390823bea0
                      • Instruction Fuzzy Hash: 0611A371409380AFDB22CF11DC84E52FFB4EF06220F09C49EED844B662C275A818DB61
                      Function 060C01C2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 060C01FD
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: InformationQuerySystem
                      • String ID:
                      • API String ID: 3562636166-0
                      • Opcode ID: 51d299e9698390eed9fd194708ccfe0c3cb05f4db7e8d756425ee681fac7c361
                      • Instruction ID: b95432cc05b88fdb7f0c0990725e3165801c7cd1973fa8cbc3b4d36d8ae0b963
                      • Opcode Fuzzy Hash: 51d299e9698390eed9fd194708ccfe0c3cb05f4db7e8d756425ee681fac7c361
                      • Instruction Fuzzy Hash: 17018F35500244DFEB60CF45D984B65FFE0EF08234F08C4AEDD460A652D376E468DBA2
                      Function 0332BEF2 Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON
                      Download Yara Rule
                      APIs
                      • NtSetInformationProcess.NTDLL(?,?,?,?), ref: 0332BF2D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: InformationProcess
                      • String ID:
                      • API String ID: 1801817001-0
                      • Opcode ID: bbb9a513493ebdd4655c530e7e8f2e6b82718f857af12f2d5bac32924e4751f3
                      • Instruction ID: 30befc76669f3d1c21f70cde06656c6ce7da719d492849688829259f21289185
                      • Opcode Fuzzy Hash: bbb9a513493ebdd4655c530e7e8f2e6b82718f857af12f2d5bac32924e4751f3
                      • Instruction Fuzzy Hash: B5018F315002449FDB20CF45D984B61FFE4EF04320F08C5AADD894A652D375E428DF62
                      Function 05C2035B Relevance: 3.9, Strings: 3, Instructions: 162COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 5c2035b-5c20391 3 5c20393-5c203ce 0->3 4 5c203d8-5c20418 0->4 3->4 11 5c2041a 4->11 12 5c2041f 4->12 11->12 62 5c2041f call 5c20c22 12->62 63 5c2041f call 5c20b03 12->63 64 5c2041f call 3401001 12->64 65 5c2041f call 5c20d40 12->65 66 5c2041f call 5c20f05 12->66 67 5c2041f call 3401028 12->67 68 5c2041f call 3401049 12->68 69 5c2041f call 5c20ba8 12->69 70 5c2041f call 340106e 12->70 71 5c2041f call 34010ae 12->71 72 5c2041f call 5c20c8d 12->72 73 5c2041f call 5c20e55 12->73 74 5c2041f call 3401038 12->74 75 5c2041f call 5c20d98 12->75 76 5c2041f call 5c20958 12->76 13 5c20425-5c20434 14 5c20436-5c20460 13->14 15 5c2046b-5c204b5 13->15 14->15 49 5c204b7 call 3401001 15->49 50 5c204b7 call 3401028 15->50 51 5c204b7 call 3401038 15->51 52 5c204b7 call 3401049 15->52 53 5c204b7 call 340106e 15->53 54 5c204b7 call 34010ae 15->54 26 5c204bd-5c20523 34 5c20570-5c20587 26->34 35 5c20525-5c20531 26->35 36 5c20880-5c20892 34->36 37 5c2058d-5c205b4 34->37 77 5c20533 call 3401001 35->77 78 5c20533 call 3401028 35->78 79 5c20533 call 3401038 35->79 80 5c20533 call 3401049 35->80 81 5c20533 call 340106e 35->81 82 5c20533 call 34010ae 35->82 55 5c205b9 call 3401001 37->55 56 5c205b9 call 3401028 37->56 57 5c205b9 call 3401038 37->57 58 5c205b9 call 3401049 37->58 59 5c205b9 call 5c21eaf 37->59 60 5c205b9 call 340106e 37->60 61 5c205b9 call 34010ae 37->61 41 5c20539-5c20569 41->34 46 5c205bf 46->36 49->26 50->26 51->26 52->26 53->26 54->26 55->46 56->46 57->46 58->46 59->46 60->46 61->46 62->13 63->13 64->13 65->13 66->13 67->13 68->13 69->13 70->13 71->13 72->13 73->13 74->13 75->13 76->13 77->41 78->41 79->41 80->41 81->41 82->41
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [Pi^$-[Pi^$=[Pi^
                      • API String ID: 0-1956601795
                      • Opcode ID: f3f7577ad6d45aa039b42a8af8f97ed171c20b601e7e9ee1c3eeefc5f60aee85
                      • Instruction ID: 65b2da49b4e71cbbc69a1eaddd4220daa14fc6cb0d28c186445f5e89aba08a87
                      • Opcode Fuzzy Hash: f3f7577ad6d45aa039b42a8af8f97ed171c20b601e7e9ee1c3eeefc5f60aee85
                      • Instruction Fuzzy Hash: F7510535B002148BDB18EB79945567E36DBAFC5244B54C43EE402DB3E4DF3E8C4687A2
                      Function 05C20368 Relevance: 3.9, Strings: 3, Instructions: 159COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 83 5c20368-5c20391 85 5c20393-5c203ce 83->85 86 5c203d8-5c20418 83->86 85->86 93 5c2041a 86->93 94 5c2041f 86->94 93->94 144 5c2041f call 5c20c22 94->144 145 5c2041f call 5c20b03 94->145 146 5c2041f call 3401001 94->146 147 5c2041f call 5c20d40 94->147 148 5c2041f call 5c20f05 94->148 149 5c2041f call 3401028 94->149 150 5c2041f call 3401049 94->150 151 5c2041f call 5c20ba8 94->151 152 5c2041f call 340106e 94->152 153 5c2041f call 34010ae 94->153 154 5c2041f call 5c20c8d 94->154 155 5c2041f call 5c20e55 94->155 156 5c2041f call 3401038 94->156 157 5c2041f call 5c20d98 94->157 158 5c2041f call 5c20958 94->158 95 5c20425-5c20434 96 5c20436-5c20460 95->96 97 5c2046b-5c204b5 95->97 96->97 131 5c204b7 call 3401001 97->131 132 5c204b7 call 3401028 97->132 133 5c204b7 call 3401038 97->133 134 5c204b7 call 3401049 97->134 135 5c204b7 call 340106e 97->135 136 5c204b7 call 34010ae 97->136 108 5c204bd-5c20523 116 5c20570-5c20587 108->116 117 5c20525-5c20531 108->117 118 5c20880-5c20892 116->118 119 5c2058d-5c205b4 116->119 159 5c20533 call 3401001 117->159 160 5c20533 call 3401028 117->160 161 5c20533 call 3401038 117->161 162 5c20533 call 3401049 117->162 163 5c20533 call 340106e 117->163 164 5c20533 call 34010ae 117->164 137 5c205b9 call 3401001 119->137 138 5c205b9 call 3401028 119->138 139 5c205b9 call 3401038 119->139 140 5c205b9 call 3401049 119->140 141 5c205b9 call 5c21eaf 119->141 142 5c205b9 call 340106e 119->142 143 5c205b9 call 34010ae 119->143 123 5c20539-5c20569 123->116 128 5c205bf 128->118 131->108 132->108 133->108 134->108 135->108 136->108 137->128 138->128 139->128 140->128 141->128 142->128 143->128 144->95 145->95 146->95 147->95 148->95 149->95 150->95 151->95 152->95 153->95 154->95 155->95 156->95 157->95 158->95 159->123 160->123 161->123 162->123 163->123 164->123
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [Pi^$-[Pi^$=[Pi^
                      • API String ID: 0-1956601795
                      • Opcode ID: 9597da4fe336b453db81007438f91d4de5d48c77cd68b06a69980e4ca1dae289
                      • Instruction ID: 5c1298e41c1dfa0660953dc54cdd41b51dcd5e08dcfcb92968cfcd66e2ae4709
                      • Opcode Fuzzy Hash: 9597da4fe336b453db81007438f91d4de5d48c77cd68b06a69980e4ca1dae289
                      • Instruction Fuzzy Hash: 7451E439B002148BDB18EB79945567E76DBAFC5244B54C43EE402DB3E4DF3E8C4687A2
                      Function 05C203BD Relevance: 3.9, Strings: 3, Instructions: 135COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 165 5c203bd-5c20418 173 5c2041a 165->173 174 5c2041f 165->174 173->174 224 5c2041f call 5c20c22 174->224 225 5c2041f call 5c20b03 174->225 226 5c2041f call 3401001 174->226 227 5c2041f call 5c20d40 174->227 228 5c2041f call 5c20f05 174->228 229 5c2041f call 3401028 174->229 230 5c2041f call 3401049 174->230 231 5c2041f call 5c20ba8 174->231 232 5c2041f call 340106e 174->232 233 5c2041f call 34010ae 174->233 234 5c2041f call 5c20c8d 174->234 235 5c2041f call 5c20e55 174->235 236 5c2041f call 3401038 174->236 237 5c2041f call 5c20d98 174->237 238 5c2041f call 5c20958 174->238 175 5c20425-5c20434 176 5c20436-5c20460 175->176 177 5c2046b-5c204b5 175->177 176->177 211 5c204b7 call 3401001 177->211 212 5c204b7 call 3401028 177->212 213 5c204b7 call 3401038 177->213 214 5c204b7 call 3401049 177->214 215 5c204b7 call 340106e 177->215 216 5c204b7 call 34010ae 177->216 188 5c204bd-5c20523 196 5c20570-5c20587 188->196 197 5c20525-5c20531 188->197 198 5c20880-5c20892 196->198 199 5c2058d-5c205b4 196->199 239 5c20533 call 3401001 197->239 240 5c20533 call 3401028 197->240 241 5c20533 call 3401038 197->241 242 5c20533 call 3401049 197->242 243 5c20533 call 340106e 197->243 244 5c20533 call 34010ae 197->244 217 5c205b9 call 3401001 199->217 218 5c205b9 call 3401028 199->218 219 5c205b9 call 3401038 199->219 220 5c205b9 call 3401049 199->220 221 5c205b9 call 5c21eaf 199->221 222 5c205b9 call 340106e 199->222 223 5c205b9 call 34010ae 199->223 203 5c20539-5c20569 203->196 208 5c205bf 208->198 211->188 212->188 213->188 214->188 215->188 216->188 217->208 218->208 219->208 220->208 221->208 222->208 223->208 224->175 225->175 226->175 227->175 228->175 229->175 230->175 231->175 232->175 233->175 234->175 235->175 236->175 237->175 238->175 239->203 240->203 241->203 242->203 243->203 244->203
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [Pi^$-[Pi^$=[Pi^
                      • API String ID: 0-1956601795
                      • Opcode ID: 140c20b5da6856d5724feac1d1a2464e17cdf293e3ec0ff9e39095e4d32a9091
                      • Instruction ID: cf136ab9e91d648f50e96c901d039b419ea082082423430e079387e8f6f6fbbf
                      • Opcode Fuzzy Hash: 140c20b5da6856d5724feac1d1a2464e17cdf293e3ec0ff9e39095e4d32a9091
                      • Instruction Fuzzy Hash: A7410339B001244BDB18E77995956BE36DB9FC5248B54C83EE402EF3E0DF2D8C0687A2
                      Function 060C2F86 Relevance: 1.6, APIs: 1, Instructions: 99registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 245 60c2f86-60c300a 249 60c300c 245->249 250 60c300f-60c301b 245->250 249->250 251 60c301d 250->251 252 60c3020-60c3029 250->252 251->252 253 60c302e-60c3045 252->253 254 60c302b 252->254 256 60c3087-60c308c 253->256 257 60c3047-60c305a RegCreateKeyExW 253->257 254->253 256->257 258 60c305c-60c3084 257->258 259 60c308e-60c3093 257->259 259->258
                      APIs
                      • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 060C304D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: ec854fa37f79fb51ee78325f076e0cadf256af786111dd14a292ffe01cb53aaf
                      • Instruction ID: 63551920b99ecf47314b5eaecb0a57fce87c3abb57ae880759fb0178ea61e60b
                      • Opcode Fuzzy Hash: ec854fa37f79fb51ee78325f076e0cadf256af786111dd14a292ffe01cb53aaf
                      • Instruction Fuzzy Hash: A0317E72544344AFE7218B65CC44FA7BFECEF05224F08859EE9859B662D324E908CBA1
                      Function 060C1107 Relevance: 1.6, APIs: 1, Instructions: 98registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 264 60c1107-60c1127 265 60c1149-60c117b 264->265 266 60c1129-60c1148 264->266 270 60c117e-60c11d6 RegQueryValueExW 265->270 266->265 272 60c11dc-60c11f2 270->272
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 060C11CE
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 16cde9003dfb02ebe1ef0373611e7f58472e360126516729376bc46f3de6c236
                      • Instruction ID: 93b9151aac3460d27a091f4025ca525d760b22638f17b4492a06fa7401f9a94b
                      • Opcode Fuzzy Hash: 16cde9003dfb02ebe1ef0373611e7f58472e360126516729376bc46f3de6c236
                      • Instruction Fuzzy Hash: C2317E6510E3C06FD3138B258C61A61BFB4EF47610F0E85CBD8848B6A3D1296909C7B2
                      Function 060C1D34 Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 273 60c1d34-60c1df3 279 60c1e45-60c1e4a 273->279 280 60c1df5-60c1dfd getaddrinfo 273->280 279->280 281 60c1e03-60c1e15 280->281 283 60c1e4c-60c1e51 281->283 284 60c1e17-60c1e42 281->284 283->284
                      APIs
                      • getaddrinfo.WS2_32(?,00000E24), ref: 060C1DFB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: getaddrinfo
                      • String ID:
                      • API String ID: 300660673-0
                      • Opcode ID: cbcf1e23f5338b4fb27d3b8b3931b6c88250bed1118f2f78272599dc058159cc
                      • Instruction ID: 37d599459f0648d17138b5334a376f2e6af679a71778038761dd02c1782a3084
                      • Opcode Fuzzy Hash: cbcf1e23f5338b4fb27d3b8b3931b6c88250bed1118f2f78272599dc058159cc
                      • Instruction Fuzzy Hash: 983181B1504344AFE721CB51DC44FA7FBACEF15324F04889AFA449B692D375A948CB61
                      Function 060C1FC2 Relevance: 1.6, APIs: 1, Instructions: 92COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 288 60c1fc2-60c2084 GetVolumeInformationA 291 60c208a-60c20b3 288->291
                      APIs
                      • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 060C2082
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: InformationVolume
                      • String ID:
                      • API String ID: 2039140958-0
                      • Opcode ID: c09238ace6e25b379af0de6b5e26edaf2565696d206e1b785df70314086611af
                      • Instruction ID: 0b92783ec48db6f45e2c112a9e3cabcd694bf3cdebb297696d8e78495a6b62c5
                      • Opcode Fuzzy Hash: c09238ace6e25b379af0de6b5e26edaf2565696d206e1b785df70314086611af
                      • Instruction Fuzzy Hash: 3431817150D3C16FD3138B358C61AA2BFB4AF47210F0D85DBE8C49F6A3D225A959C7A2
                      Function 0332AB1E Relevance: 1.6, APIs: 1, Instructions: 91registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 293 332ab1e-332ab84 295 332ab8a-332ab9b 293->295 296 332aba1-332abad 295->296 297 332abb2-332abc9 296->297 298 332abaf 296->298 300 332ac0b-332ac10 297->300 301 332abcb-332abde RegOpenKeyExW 297->301 298->297 300->301 302 332ac12-332ac17 301->302 303 332abe0-332ac08 301->303 302->303
                      APIs
                      • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0332ABD1
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: Open
                      • String ID:
                      • API String ID: 71445658-0
                      • Opcode ID: fa26d323c725f93d45250ee4c5578381ca71c82b3f9f7b7349d6578f6bd2efc7
                      • Instruction ID: 9e8bc0dde913b05d93be7c5ad39d40858fba957c6005793d46ac68851338bd95
                      • Opcode Fuzzy Hash: fa26d323c725f93d45250ee4c5578381ca71c82b3f9f7b7349d6578f6bd2efc7
                      • Instruction Fuzzy Hash: 0E3195714083846FE722CB55CC84FA7FFBCEF06214F08849AE985DB652D224A918CB71
                      Function 060C1C2C Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 308 60c1c2c-60c1cc1 313 60c1d0e-60c1d13 308->313 314 60c1cc3-60c1ccb GetProcessTimes 308->314 313->314 316 60c1cd1-60c1ce3 314->316 317 60c1d15-60c1d1a 316->317 318 60c1ce5-60c1d0b 316->318 317->318
                      APIs
                      • GetProcessTimes.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C1CC9
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessTimes
                      • String ID:
                      • API String ID: 1995159646-0
                      • Opcode ID: 1fe27519b5c09d9e4e05dd3d2fdf94cbe1c948361798037955f83109cb76df23
                      • Instruction ID: 7979aa485ebef67630e3e0ad96169627f7d8ccee7b43bef5801655094e8175c2
                      • Opcode Fuzzy Hash: 1fe27519b5c09d9e4e05dd3d2fdf94cbe1c948361798037955f83109cb76df23
                      • Instruction Fuzzy Hash: 6E31E8725093805FD7228F60DD45B96BFB8EF06324F0884AEE9458B153D3359909C761
                      Function 060C1620 Relevance: 1.6, APIs: 1, Instructions: 89COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 337 60c1620-60c16a1 341 60c16a6-60c16af 337->341 342 60c16a3 337->342 343 60c1707-60c170c 341->343 344 60c16b1-60c16b9 ConvertStringSecurityDescriptorToSecurityDescriptorW 341->344 342->341 343->344 346 60c16bf-60c16d1 344->346 347 60c170e-60c1713 346->347 348 60c16d3-60c1704 346->348 347->348
                      APIs
                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 060C16B7
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: DescriptorSecurity$ConvertString
                      • String ID:
                      • API String ID: 3907675253-0
                      • Opcode ID: c1bf4cd543ec3a203dcc45d98629578d70621aeac6a279c92c58607a1ff0a5e5
                      • Instruction ID: 7eb2ff90190cc0b7052069e20bad64ec708adfada371f09a3a8d6cd3e4ddd4bb
                      • Opcode Fuzzy Hash: c1bf4cd543ec3a203dcc45d98629578d70621aeac6a279c92c58607a1ff0a5e5
                      • Instruction Fuzzy Hash: FE319371504384AFE721CB65DC45FA7BFF8EF06224F0884AAE984DB652D374E818CB61
                      Function 0332A612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 321 332a612-332a695 325 332a697 321->325 326 332a69a-332a6a3 321->326 325->326 327 332a6a5 326->327 328 332a6a8-332a6b1 326->328 327->328 329 332a702-332a707 328->329 330 332a6b3-332a6d7 CreateMutexW 328->330 329->330 333 332a709-332a70e 330->333 334 332a6d9-332a6ff 330->334 333->334
                      APIs
                      • CreateMutexW.KERNEL32(?,?), ref: 0332A6B9
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: c0f1b58479287379d430f8af71f48ba51386051c61f1e528142d1f784991d713
                      • Instruction ID: 0ee4d79e638f3a4d923697f063a94ab0668d4b4435523d4ad9f4c7411762daa0
                      • Opcode Fuzzy Hash: c0f1b58479287379d430f8af71f48ba51386051c61f1e528142d1f784991d713
                      • Instruction Fuzzy Hash: 2D31B3715093805FE721CB65DC85B96FFF8EF06214F08849AE984CB293D375E909C761
                      Function 060C2FB2 Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 380 60c2fb2-60c300a 383 60c300c 380->383 384 60c300f-60c301b 380->384 383->384 385 60c301d 384->385 386 60c3020-60c3029 384->386 385->386 387 60c302e-60c3045 386->387 388 60c302b 386->388 390 60c3087-60c308c 387->390 391 60c3047-60c305a RegCreateKeyExW 387->391 388->387 390->391 392 60c305c-60c3084 391->392 393 60c308e-60c3093 391->393 393->392
                      APIs
                      • RegCreateKeyExW.KERNEL32(?,00000E24), ref: 060C304D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Create
                      • String ID:
                      • API String ID: 2289755597-0
                      • Opcode ID: 4749443880b0befa8508adb5d404f9c06af2f69197f465efe669680cd1ef2be3
                      • Instruction ID: 960933e015c943ea186767d53fac45b22f73b2212277693f504a79b2ad7aab81
                      • Opcode Fuzzy Hash: 4749443880b0befa8508adb5d404f9c06af2f69197f465efe669680cd1ef2be3
                      • Instruction Fuzzy Hash: 69219C72500304AFEB70DB15CD44FABBBECEF08624F04892EE945D6652E734E518CBA1
                      Function 0332AE79 Relevance: 1.6, APIs: 1, Instructions: 86fileCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 352 332ae79-332aef6 356 332aefb-332af07 352->356 357 332aef8 352->357 358 332af09 356->358 359 332af0c-332af15 356->359 357->356 358->359 360 332af66-332af6b 359->360 361 332af17-332af3b CreateFileW 359->361 360->361 364 332af6d-332af72 361->364 365 332af3d-332af63 361->365 364->365
                      APIs
                      • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0332AF1D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID:
                      • API String ID: 823142352-0
                      • Opcode ID: 055463e5a0ea3cc4006b4616a8665d0b911f818fb26e4240dca8292cc38d05ab
                      • Instruction ID: ee562eaec0eb0f86fc93f40e4822a780bf0779c4b9a0db68a39757b334ff45e3
                      • Opcode Fuzzy Hash: 055463e5a0ea3cc4006b4616a8665d0b911f818fb26e4240dca8292cc38d05ab
                      • Instruction Fuzzy Hash: D2319FB1504340AFE721CF65DD85F92FFE8EF05620F0889AEE9858B652D375E908CB61
                      Function 0332BDD8 Relevance: 1.6, APIs: 1, Instructions: 86COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 368 332bdd8-332be64 372 332be66-332be6e GetExitCodeProcess 368->372 373 332beaf-332beb4 368->373 374 332be74-332be86 372->374 373->372 376 332beb6-332bebb 374->376 377 332be88-332beae 374->377 376->377
                      APIs
                      • GetExitCodeProcess.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332BE6C
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CodeExitProcess
                      • String ID:
                      • API String ID: 3861947596-0
                      • Opcode ID: ffca8b9b005681d51a719ee992ee92c0576d5217a4041a03e59f61208a69408c
                      • Instruction ID: 5ab65adcd3d9463b51ed9d4a63385de2d81cb5963a44dc3e475e426559861af1
                      • Opcode Fuzzy Hash: ffca8b9b005681d51a719ee992ee92c0576d5217a4041a03e59f61208a69408c
                      • Instruction Fuzzy Hash: BC21B4B25093805FE712CB64DC85B96BFB8EF46324F0884DAE944CF293D274A909CB61
                      Function 060C32F4 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                      Download Yara Rule
                      APIs
                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C338B
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessSizeWorking
                      • String ID:
                      • API String ID: 3584180929-0
                      • Opcode ID: 8fdfb8b262f52bafab58e043b129b2832105a77211e290e20eac4f740f5b649a
                      • Instruction ID: 5dc67fc22d99b348f45eb41f8b0bd47c8d076ac5176daa562ce948185969ee0d
                      • Opcode Fuzzy Hash: 8fdfb8b262f52bafab58e043b129b2832105a77211e290e20eac4f740f5b649a
                      • Instruction Fuzzy Hash: 2A21D5715093C45FD712CB20CC55B96BFA8AF02224F08C4DFE9849F293D275A909CB61
                      Function 0332A361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 398 332a361-332a3cf 401 332a3d1 398->401 402 332a3d4-332a3dd 398->402 401->402 403 332a3e2-332a3e8 402->403 404 332a3df 402->404 405 332a3ea 403->405 406 332a3ed-332a404 403->406 404->403 405->406 408 332a406-332a419 RegQueryValueExW 406->408 409 332a43b-332a440 406->409 410 332a442-332a447 408->410 411 332a41b-332a438 408->411 409->408 410->411
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332A40C
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 484ac3a968b114c8490520829dc65fad83342b1ad9f7ad61d8f3ed68922aaf21
                      • Instruction ID: 18ed0e948ff3c7c53cd95fae7630ec82359949e171de85b4d5b169d1d2aa24df
                      • Opcode Fuzzy Hash: 484ac3a968b114c8490520829dc65fad83342b1ad9f7ad61d8f3ed68922aaf21
                      • Instruction Fuzzy Hash: 29318F75505784AFE722CF15CC84F92FFF8EF06210F08849AE9859B292D324E949CB61
                      Function 060C1D56 Relevance: 1.6, APIs: 1, Instructions: 84COMMON
                      Download Yara Rule
                      APIs
                      • getaddrinfo.WS2_32(?,00000E24), ref: 060C1DFB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: getaddrinfo
                      • String ID:
                      • API String ID: 300660673-0
                      • Opcode ID: b4c80e5ecaadf12f130d582639bcc35e54bf0dc0ed28fd80f959ea7b4bf1a2e7
                      • Instruction ID: 3cac3621becf8b0127442ee85677fadf0560a7ba47b89c6b3d296d073c1daada
                      • Opcode Fuzzy Hash: b4c80e5ecaadf12f130d582639bcc35e54bf0dc0ed28fd80f959ea7b4bf1a2e7
                      • Instruction Fuzzy Hash: F321A071500204AEE730DB60CC84FAAFBACEF04724F04886AFA489A681D7B4E5588B61
                      Function 0332A120 Relevance: 1.6, APIs: 1, Instructions: 82COMMON
                      Download Yara Rule
                      APIs
                      • EnumWindows.USER32(?,00000E24,?,?), ref: 0332A1C2
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: EnumWindows
                      • String ID:
                      • API String ID: 1129996299-0
                      • Opcode ID: c8cc0f404d0e44a7128aa599dff676fb8bba7e2da8d6c2995944911c87acfeba
                      • Instruction ID: 2c672eb4024d70f8b7f8d4c85e3330966ca47ca4dc684e6aff60d65386934f81
                      • Opcode Fuzzy Hash: c8cc0f404d0e44a7128aa599dff676fb8bba7e2da8d6c2995944911c87acfeba
                      • Instruction Fuzzy Hash: 7C21D37140D3C06FD3128B258C51BA2BFB4EF47610F0985CBD8C48F693D235A909CBA2
                      Function 060C3225 Relevance: 1.6, APIs: 1, Instructions: 80COMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: select
                      • String ID:
                      • API String ID: 1274211008-0
                      • Opcode ID: db1e62575b93eefeb6c80a2c2239731148f7d2fd0cf9ce5895b0644df602823d
                      • Instruction ID: d54b3cff027d7ab43803b857a6060bf913fadb23abefbed9553f161d4ea39234
                      • Opcode Fuzzy Hash: db1e62575b93eefeb6c80a2c2239731148f7d2fd0cf9ce5895b0644df602823d
                      • Instruction Fuzzy Hash: E6216D715093849FDB62CF25CC44B92BFF8EF06220F0884DAE984CB162D275E808DB61
                      Function 0332AF74 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                      Download Yara Rule
                      APIs
                      • GetFileType.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332B009
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: FileType
                      • String ID:
                      • API String ID: 3081899298-0
                      • Opcode ID: 157ab234ba029da30b8c1566a0a93adf9e882ad5e653683ed0d2a5ccaf12ce7b
                      • Instruction ID: 774832d70fd135f9f791c1211bfc8ff30e77a534168f63be88ffe5eeb9a3f797
                      • Opcode Fuzzy Hash: 157ab234ba029da30b8c1566a0a93adf9e882ad5e653683ed0d2a5ccaf12ce7b
                      • Instruction Fuzzy Hash: E721D6B54093806FE7228B15DD85BA2BFACEF06324F0985D6E9808B293D274A909C771
                      Function 060C17D6 Relevance: 1.6, APIs: 1, Instructions: 77fileCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: FileView
                      • String ID:
                      • API String ID: 3314676101-0
                      • Opcode ID: c400d5e2870943479cdcb452e539895d647e82f2481288777ccfb390a97ce04d
                      • Instruction ID: 3c7a75bc929962eed626eead8206fd077735ce74ad59669b93b38ef205148c66
                      • Opcode Fuzzy Hash: c400d5e2870943479cdcb452e539895d647e82f2481288777ccfb390a97ce04d
                      • Instruction Fuzzy Hash: EA21D371405380AFE722CF55DD44F96FFF8EF09224F08889EE9848B652D375A508CB61
                      Function 060C11FA Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 060C1286
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Socket
                      • String ID:
                      • API String ID: 38366605-0
                      • Opcode ID: 7db465fb9b2caf58b7202b9b2cb94e65bde24fb223e0b6afe626cfe654edc0ad
                      • Instruction ID: 3e9205c9b49f3fbf65342d6b7588cfbdacfd3e1148709c8b4306c2a97cfeee3d
                      • Opcode Fuzzy Hash: 7db465fb9b2caf58b7202b9b2cb94e65bde24fb223e0b6afe626cfe654edc0ad
                      • Instruction Fuzzy Hash: 8721B171505380AFE721CF55DD45F96FFF8EF06220F0888AEE9858B652D375A818CB61
                      Function 0332A462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegSetValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332A4F8
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 63cec4bec108013458bd3585f263e3c24259875e805dacd10f1266227c7c8b6e
                      • Instruction ID: 55d5b13283e7bc94b8e7c9b44f65199c76bb1e2a76585dba4d7eae9a3668ccd3
                      • Opcode Fuzzy Hash: 63cec4bec108013458bd3585f263e3c24259875e805dacd10f1266227c7c8b6e
                      • Instruction Fuzzy Hash: 3321AE72104380AFD722CB11CC84FA3BFB8EF06220F08849AE9859B652C274E848CB71
                      Function 060C152E Relevance: 1.6, APIs: 1, Instructions: 76registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C15CC
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 028c5cc564e0004fb26af52412d34b4646fd72619b1adbdf0eeff35053405af0
                      • Instruction ID: 2bfb1db5815aeaf77577b17ba10d90742a9e07c7912bcbe13fca83a0f10834af
                      • Opcode Fuzzy Hash: 028c5cc564e0004fb26af52412d34b4646fd72619b1adbdf0eeff35053405af0
                      • Instruction Fuzzy Hash: 0721A171905780AFE721CB55CD44FA7BFF8AF45220F08859EE9859B692D334E908CB61
                      Function 060C1646 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                      Download Yara Rule
                      APIs
                      • ConvertStringSecurityDescriptorToSecurityDescriptorW.ADVAPI32(?,00000E24), ref: 060C16B7
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: DescriptorSecurity$ConvertString
                      • String ID:
                      • API String ID: 3907675253-0
                      • Opcode ID: bfde72304cf06b0feda986f37539445e14c6c91ea7272713e445e16d9f05ad25
                      • Instruction ID: dcc0c8894e86941cdc5fadb90a99c9ae68fcb69cf553407debe8a1738b804907
                      • Opcode Fuzzy Hash: bfde72304cf06b0feda986f37539445e14c6c91ea7272713e445e16d9f05ad25
                      • Instruction Fuzzy Hash: F9219571600304AFEB60DB65DD45FAAFBECEF04224F04846EE945DB642D774E4188AA1
                      Function 060C00B8 Relevance: 1.6, APIs: 1, Instructions: 76COMMON
                      Download Yara Rule
                      APIs
                      • K32EnumProcesses.KERNEL32(?,?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 060C013E
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: EnumProcesses
                      • String ID:
                      • API String ID: 84517404-0
                      • Opcode ID: b81a117597af51cbfc519e24924a88c826604f55de6d1c9b289bb9e15a4663e0
                      • Instruction ID: 49b6b75248a414b56455d72da1eb62bddfa2f72f795d2f1dea94702f4cc53e6e
                      • Opcode Fuzzy Hash: b81a117597af51cbfc519e24924a88c826604f55de6d1c9b289bb9e15a4663e0
                      • Instruction Fuzzy Hash: 9B218B715093C49FDB528B65DC54A92BFB4AF07220F0D84DBE885CB1A3D2259818CB62
                      Function 0332AE9E Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                      Download Yara Rule
                      APIs
                      • CreateFileW.KERNEL32(?,?,?,?,?,?), ref: 0332AF1D
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CreateFile
                      • String ID:
                      • API String ID: 823142352-0
                      • Opcode ID: 583e4e29c7c0e8bd6c61558db87d79e4feda729331215b2e2dc398674dbfb0d3
                      • Instruction ID: 9b172a2be10814bbb84390b86efe07f5b462ad5ce274e91ae9dbc7260cb65f81
                      • Opcode Fuzzy Hash: 583e4e29c7c0e8bd6c61558db87d79e4feda729331215b2e2dc398674dbfb0d3
                      • Instruction Fuzzy Hash: 5F21AEB1600304AFEB20CF65DD85FA6FBE8EF08620F08896EE9458B751D775E418CB61
                      Function 0332B304 Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON
                      Download Yara Rule
                      APIs
                      • WriteFile.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332B389
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: FileWrite
                      • String ID:
                      • API String ID: 3934441357-0
                      • Opcode ID: 2b42d50f9224a71e51eab15e530a1036790e4c9009599716c7413b5fcc87600b
                      • Instruction ID: ce52fa6e67aa2198c3e85719439717cf6afb7a781662a73d71b70bfc5d797765
                      • Opcode Fuzzy Hash: 2b42d50f9224a71e51eab15e530a1036790e4c9009599716c7413b5fcc87600b
                      • Instruction Fuzzy Hash: F221D371504340AFE722CF54DD40FA7BFACEF46324F08889AF9859B252C275A808CBB1
                      Function 0332AB52 Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegOpenKeyExW.KERNEL32(?,00000E24), ref: 0332ABD1
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: Open
                      • String ID:
                      • API String ID: 71445658-0
                      • Opcode ID: 3327508a7e5c1e40bd2114a029df2fd896f0786372db3f90d1bb8daa1ff903f0
                      • Instruction ID: 436c51a180d0ce80828e137407f312ca4b603f91db4aa5984daafae90aaf9fc9
                      • Opcode Fuzzy Hash: 3327508a7e5c1e40bd2114a029df2fd896f0786372db3f90d1bb8daa1ff903f0
                      • Instruction Fuzzy Hash: A521BE72500304AFE730DA55CD84FABFBACEF14224F04886AE9459A651D734E9188AB1
                      Function 060C33F3 Relevance: 1.6, APIs: 1, Instructions: 73COMMON
                      Download Yara Rule
                      APIs
                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C346F
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessSizeWorking
                      • String ID:
                      • API String ID: 3584180929-0
                      • Opcode ID: 79cdebcbbebd3c44059b6117d3a6698ca250c55a65196a5fe2846ef9772a3729
                      • Instruction ID: 99ffd533418b85c55796726bc3a3e306c6e800a8455372a08a22d662329d0ca5
                      • Opcode Fuzzy Hash: 79cdebcbbebd3c44059b6117d3a6698ca250c55a65196a5fe2846ef9772a3729
                      • Instruction Fuzzy Hash: 6821C5715053846FD722CB55CC44F96FFB8EF06224F08C4AEE9449B252D374A908CB61
                      Function 060C1A6D Relevance: 1.6, APIs: 1, Instructions: 72COMMON
                      Download Yara Rule
                      APIs
                      • shutdown.WS2_32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C1AF0
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: shutdown
                      • String ID:
                      • API String ID: 2510479042-0
                      • Opcode ID: 98c2168e4c520c5f05e1728bcd4a46e7a845d8edde2a0be1b6a6212a56a50055
                      • Instruction ID: 95ad25a3c4064400792c93220c0ff843fcf6ca68b0f4273466a0ffddd68d28bf
                      • Opcode Fuzzy Hash: 98c2168e4c520c5f05e1728bcd4a46e7a845d8edde2a0be1b6a6212a56a50055
                      • Instruction Fuzzy Hash: B62195B1509384AFD722CB54DC45B96FFB8EF46224F0884DBE9449B252D378A948CB61
                      Function 0332A646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule
                      APIs
                      • CreateMutexW.KERNEL32(?,?), ref: 0332A6B9
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 4cf525fe9605eeb804e0e768a519a0fd92dabd101b987124af135c84dc98449c
                      • Instruction ID: d6d7b0d043cd870bb58a1546f18e1e7e5cf8dad7237b2c72713b9e604085aedf
                      • Opcode Fuzzy Hash: 4cf525fe9605eeb804e0e768a519a0fd92dabd101b987124af135c84dc98449c
                      • Instruction Fuzzy Hash: 6B21C2716002049FE720CF69DD85BA6FBE8EF04224F08886AE9448B741D775E408CA71
                      Function 0332B9F3 Relevance: 1.6, APIs: 1, Instructions: 70COMMON
                      Download Yara Rule
                      APIs
                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0332BA6A
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: LookupPrivilegeValue
                      • String ID:
                      • API String ID: 3899507212-0
                      • Opcode ID: b1f2029de819591a833472b4e57de2986b61fa479ad6e088a8376edf5739a188
                      • Instruction ID: 36b5a2f470b5c2cf16d1865351ad2f65cab10032f7c5daa4d987ab300ed8d53e
                      • Opcode Fuzzy Hash: b1f2029de819591a833472b4e57de2986b61fa479ad6e088a8376edf5739a188
                      • Instruction Fuzzy Hash: 7F2130716093809FDB21CF25DC54B52FFF8EF46610F0984DAE985CB252D275E418D761
                      Function 060C315F Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                      Download Yara Rule
                      APIs
                      • ioctlsocket.WS2_32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C31DB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ioctlsocket
                      • String ID:
                      • API String ID: 3577187118-0
                      • Opcode ID: 9cf04b5fd24936d21b7368bb1b8d2fca1a58a5f631ae0366c9e844e34f7343a8
                      • Instruction ID: 95784bca1e05618de1823118c4e441179c5857bb6f93da78efa75b75b6d4d61b
                      • Opcode Fuzzy Hash: 9cf04b5fd24936d21b7368bb1b8d2fca1a58a5f631ae0366c9e844e34f7343a8
                      • Instruction Fuzzy Hash: F021A4715093846FD721CB55CD44F96BFB8EF46224F08889AE9449B652D374A908C7A1
                      Function 0332A392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332A40C
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 96d786b86d2a4f123a3865dbd67bea674dc71bdf112418727167403ec2d5849c
                      • Instruction ID: cb3f112c5edaf6f7e7be58829c7fbd7af00a27d13f8735f41a5763420af2b1d4
                      • Opcode Fuzzy Hash: 96d786b86d2a4f123a3865dbd67bea674dc71bdf112418727167403ec2d5849c
                      • Instruction Fuzzy Hash: 9B214A75600704AFE720CE55CD84FA6FBECEF04620F08846AEA459B751DB74E949CAB1
                      Function 0332AC19 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule
                      APIs
                      • SetFileAttributesW.KERNEL32(?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AC97
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: 73ec028b96cf27c2519ffcc1ead976675e926437eaa989cf8ff89ba9112e6c83
                      • Instruction ID: 2a751e8149d56d3b50667e129ce7c8ac577931a562318c30098c3b883043c406
                      • Opcode Fuzzy Hash: 73ec028b96cf27c2519ffcc1ead976675e926437eaa989cf8ff89ba9112e6c83
                      • Instruction Fuzzy Hash: C22192755093C49FDB12CB25DC85B92BFA8EF06224F0984EED885CB263D2749849CB61
                      Function 060C1F06 Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 060C1F82
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Connect
                      • String ID:
                      • API String ID: 3144859779-0
                      • Opcode ID: 8d8a403195189220db4472926259b7da5ed0cf27713278ad194a738adc1a7a08
                      • Instruction ID: 6427614e28ee20ecf6bbce4d43c34a983aaf72c3825b1fe93b6e5d6a741249fc
                      • Opcode Fuzzy Hash: 8d8a403195189220db4472926259b7da5ed0cf27713278ad194a738adc1a7a08
                      • Instruction Fuzzy Hash: FF216D71548384AFDB228F51DC44A92FFF4EF06220F08859AE9858B263D375A819DB61
                      Function 060C121A Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSASocketW.WS2_32(?,?,?,?,?), ref: 060C1286
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Socket
                      • String ID:
                      • API String ID: 38366605-0
                      • Opcode ID: 0770ebe085b7173151384f232733f958550748f691ce44e4ca22ef4d31f104eb
                      • Instruction ID: e20e643192fd8116a263179d852a1633de258c219d83fd291bb783767a190cf7
                      • Opcode Fuzzy Hash: 0770ebe085b7173151384f232733f958550748f691ce44e4ca22ef4d31f104eb
                      • Instruction Fuzzy Hash: DA21CF71500240AFEB21CF55DD45FAAFBE4EF09324F0488AEE9458A652D375E418CBA1
                      Function 060C17F6 Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: FileView
                      • String ID:
                      • API String ID: 3314676101-0
                      • Opcode ID: c92de508c24bec0351cbaa7268b59f5c62a096236c7c03243295d46652498dfe
                      • Instruction ID: 591ccc7ffe7f2ebb68abd3e1fbdcdb7b2e33f0ca414dd9d5a7989b1bddedf726
                      • Opcode Fuzzy Hash: c92de508c24bec0351cbaa7268b59f5c62a096236c7c03243295d46652498dfe
                      • Instruction Fuzzy Hash: 7321A171904304AFE721CF55DD85F9AFBE8EF08224F04886EE9458B751D375E518CBA1
                      Function 060C229E Relevance: 1.6, APIs: 1, Instructions: 66libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryA.KERNEL32(?,00000E24), ref: 060C2327
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: 03a0606bbe22e5900619268be7f3eb36e379d8c2af5bc7116004f7179e02a96e
                      • Instruction ID: d43bdcfa731d8d362b2fc99475115b8e336618cb8684e74035fcd8a935bbee1b
                      • Opcode Fuzzy Hash: 03a0606bbe22e5900619268be7f3eb36e379d8c2af5bc7116004f7179e02a96e
                      • Instruction Fuzzy Hash: AE1106715043806FE721CB11CC85FA6FFB8DF06320F08849EF9489B692D2B8A948CB61
                      Function 060C155A Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C15CC
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 9960213a9ea013571474937d212124990ff33caec17e9775cc1c189842f4854d
                      • Instruction ID: 0fa19f8b118d9396c9d8f63e0fbd7661313064006bddaecddd44428800eda604
                      • Opcode Fuzzy Hash: 9960213a9ea013571474937d212124990ff33caec17e9775cc1c189842f4854d
                      • Instruction Fuzzy Hash: 2D11D271900704AFE760CF15CD40FAABBE8EF04220F0484AAE9468A752D374E408CAB1
                      Function 0332A486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegSetValueExW.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332A4F8
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 765f36a2d7ab92a879e5882a7b5d1c84526192519b27d642df53afbb833848f8
                      • Instruction ID: 2dd264f59d8fbaa113d5bcf508bc7fbff9719a79773cd2f039e8021c2be56959
                      • Opcode Fuzzy Hash: 765f36a2d7ab92a879e5882a7b5d1c84526192519b27d642df53afbb833848f8
                      • Instruction Fuzzy Hash: B711AC72600704AFEB30CE15CD85FA7FBECEF04620F08846AED459AB41D774E8488AB1
                      Function 060C1C6A Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON
                      Download Yara Rule
                      APIs
                      • GetProcessTimes.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C1CC9
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessTimes
                      • String ID:
                      • API String ID: 1995159646-0
                      • Opcode ID: a966969ebca7b766834722961cefe6d8b2eb31888261d6ade5843a57e71f3f43
                      • Instruction ID: f1404775c2b534caf9526bb2bbcab4db861d3f1c1248de14f6b5679e9bc96386
                      • Opcode Fuzzy Hash: a966969ebca7b766834722961cefe6d8b2eb31888261d6ade5843a57e71f3f43
                      • Instruction Fuzzy Hash: 0011D372500304AFEB21CF55DD84FAABBE8EF04324F04C86EE9458B651D374E4188BA1
                      Function 0332ADB4 Relevance: 1.6, APIs: 1, Instructions: 64fileCOMMON
                      Download Yara Rule
                      APIs
                      • CopyFileW.KERNEL32(?,?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AE1E
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CopyFile
                      • String ID:
                      • API String ID: 1304948518-0
                      • Opcode ID: e93a2fc1b730528c773714e5361bc21651dbad4105a9e6d9caf2fa5347c4f477
                      • Instruction ID: 9a19e6b94ebfa9cbbaafb7bc301b4001b6f04dc643be7777c8640d89a7e6dad3
                      • Opcode Fuzzy Hash: e93a2fc1b730528c773714e5361bc21651dbad4105a9e6d9caf2fa5347c4f477
                      • Instruction Fuzzy Hash: 3611A2716043809FD721CF25DC85B92FFE8EF05220F0C84AEE945CB262D234E808CB61
                      Function 060C3416 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                      Download Yara Rule
                      APIs
                      • SetProcessWorkingSetSize.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C346F
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessSizeWorking
                      • String ID:
                      • API String ID: 3584180929-0
                      • Opcode ID: ed990ad58e3b7063476a17439c51e28407c5fefaea89e2438e77df392ea0642d
                      • Instruction ID: d346cc0577493c095e34b1997c049aa65803f4a10bcf65a65bd5f6cf78f400a5
                      • Opcode Fuzzy Hash: ed990ad58e3b7063476a17439c51e28407c5fefaea89e2438e77df392ea0642d
                      • Instruction Fuzzy Hash: BC11E2715002049FEB21CF54CD45BAAFBE8DF04224F04C86EED058B741D375E408CAA1
                      Function 060C3332 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                      Download Yara Rule
                      APIs
                      • GetProcessWorkingSetSize.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C338B
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ProcessSizeWorking
                      • String ID:
                      • API String ID: 3584180929-0
                      • Opcode ID: ed990ad58e3b7063476a17439c51e28407c5fefaea89e2438e77df392ea0642d
                      • Instruction ID: 9eb6f5f3fe8ccaf00ffca0609b0f3655beb1812c11f0af9aad1d883006849e5f
                      • Opcode Fuzzy Hash: ed990ad58e3b7063476a17439c51e28407c5fefaea89e2438e77df392ea0642d
                      • Instruction Fuzzy Hash: 3911C171610344AFEB60CF55DD85BAABBE8EF04324F04C86EED459B641D774E8188AB1
                      Function 060C023C Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 060C02AE
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 0b5eb8ef4f397736d86a505ff480636511edb3aca0133fe3e4e8fcb31e4605f4
                      • Instruction ID: 86c96a3f7dba0e323e07c2768157a4ee8d06c3913ca9a907e9847173c4416eea
                      • Opcode Fuzzy Hash: 0b5eb8ef4f397736d86a505ff480636511edb3aca0133fe3e4e8fcb31e4605f4
                      • Instruction Fuzzy Hash: 2221A5714493809FDB22CF61DC54A56FFF4EF06320F0988DEE9858B562C379A859CB62
                      Function 0332BE16 Relevance: 1.6, APIs: 1, Instructions: 61COMMON
                      Download Yara Rule
                      APIs
                      • GetExitCodeProcess.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332BE6C
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CodeExitProcess
                      • String ID:
                      • API String ID: 3861947596-0
                      • Opcode ID: 3d862bb6d2586fb1326d5ef465a3b5774869fd1bf75d9188c2fff4b155680d6a
                      • Instruction ID: aa28d74e1c685e823bc142e3ef1cda5b4bb26561a0062a116c237e73adc104c2
                      • Opcode Fuzzy Hash: 3d862bb6d2586fb1326d5ef465a3b5774869fd1bf75d9188c2fff4b155680d6a
                      • Instruction Fuzzy Hash: EC11A371600204AFEB21CF55ED85BA6FBACDF45224F08C8AAED05DB751D774E9088AA1
                      Function 0332B32A Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON
                      Download Yara Rule
                      APIs
                      • WriteFile.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332B389
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: FileWrite
                      • String ID:
                      • API String ID: 3934441357-0
                      • Opcode ID: e0d8574e66545653c41e302da9ae3781a475317fe90fa3c276a6c24492687ca9
                      • Instruction ID: d8b99191223403feacc5f021da3073190fa5ef940077191e88290187df3a9ace
                      • Opcode Fuzzy Hash: e0d8574e66545653c41e302da9ae3781a475317fe90fa3c276a6c24492687ca9
                      • Instruction Fuzzy Hash: B611C472500304AFEB21CF55DD84FA6FBE8EF04324F04C86AEA459B651D375A418CBB1
                      Function 060C21E9 Relevance: 1.6, APIs: 1, Instructions: 59COMMON
                      Download Yara Rule
                      APIs
                      • CoGetObjectContext.COMBASE(?,?), ref: 060C225B
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ContextObject
                      • String ID:
                      • API String ID: 3343934925-0
                      • Opcode ID: a9e137b46dfe4cb5613e3121c8e0a4cd5bf499294639188dd819e60df5815cd0
                      • Instruction ID: c9d5a0c1fe27c8b45779feb51db4381c492808f373798eb10b60ed3861f473b4
                      • Opcode Fuzzy Hash: a9e137b46dfe4cb5613e3121c8e0a4cd5bf499294639188dd819e60df5815cd0
                      • Instruction Fuzzy Hash: C211BE714083809FD7528F65CD85B51FFB4EF06230F0984DED9844F2A3D279A909DB62
                      Function 060C3182 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                      Download Yara Rule
                      APIs
                      • ioctlsocket.WS2_32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C31DB
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ioctlsocket
                      • String ID:
                      • API String ID: 3577187118-0
                      • Opcode ID: 5e7bcf0ca4a60c2b45b65a1e26ff3560afe0359fba41c954e25fed33c557bb41
                      • Instruction ID: c617218bd1975de8c8444c39a667af843b0a2274db69e60724da45ac1d6c9f54
                      • Opcode Fuzzy Hash: 5e7bcf0ca4a60c2b45b65a1e26ff3560afe0359fba41c954e25fed33c557bb41
                      • Instruction Fuzzy Hash: 9911E071500304AFEB21CF59CD84FAAFBE8EF44324F04C86AED449B641D374A808CAB1
                      Function 060C1A9A Relevance: 1.6, APIs: 1, Instructions: 57COMMON
                      Download Yara Rule
                      APIs
                      • shutdown.WS2_32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 060C1AF0
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: shutdown
                      • String ID:
                      • API String ID: 2510479042-0
                      • Opcode ID: 8062ae5bb3e6cc730b718f96d8bd7ff5be5dc4726af49c63a1b0031aed474e62
                      • Instruction ID: 52ce826cc3fdb299f444541bb8e457c821d54d9d2e80ebed3de371dd88542835
                      • Opcode Fuzzy Hash: 8062ae5bb3e6cc730b718f96d8bd7ff5be5dc4726af49c63a1b0031aed474e62
                      • Instruction Fuzzy Hash: 3E11C271500204AFEB60CF55DD85BAABBE8DF45324F04C8AAED049B742E778A5188AB1
                      Function 060C22BE Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryA.KERNEL32(?,00000E24), ref: 060C2327
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: e6da95faecb53d434e380af4fb58c7009d644126c40eb575896024f9bd8dd3bf
                      • Instruction ID: 392919aca60c31ebbdfffb244a7b8808e0c8252656e35b801419c6529e29bfe5
                      • Opcode Fuzzy Hash: e6da95faecb53d434e380af4fb58c7009d644126c40eb575896024f9bd8dd3bf
                      • Instruction Fuzzy Hash: 3611E571540304AFF730CB15DD81FAAFBA8DF04724F04C46AFE485AB81D3B8A649CAA5
                      Function 0332A2D2 Relevance: 1.6, APIs: 1, Instructions: 56COMMON
                      Download Yara Rule
                      APIs
                      • SetErrorMode.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332A330
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 2fd4b6bfc0496b17952372672ec9c4713290a26f50434e6a977135214820f119
                      • Instruction ID: f9b92d8fbb5be0dc85361308aa511398e38a540bba6fc9627de4a856194512ba
                      • Opcode Fuzzy Hash: 2fd4b6bfc0496b17952372672ec9c4713290a26f50434e6a977135214820f119
                      • Instruction Fuzzy Hash: B91194714093C46FD7138B15DC54A62BFB8DF47220F0D84CBED848B263C2656918D772
                      Function 060C325E Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: select
                      • String ID:
                      • API String ID: 1274211008-0
                      • Opcode ID: ff0f363a9bb35a71a5890e5be79129d0df8ffa9bfc9a12b04dc8e9451ae5af00
                      • Instruction ID: ba1f406a44eadf8e42eeb89a5c3eec0d18b89b01d952f619578f853c4c2044fe
                      • Opcode Fuzzy Hash: ff0f363a9bb35a71a5890e5be79129d0df8ffa9bfc9a12b04dc8e9451ae5af00
                      • Instruction Fuzzy Hash: 28116D716142049FEBA0CF55C884B9AFBE8EF04320F08C4AEDD49CB652D335E858CBA1
                      Function 0332A078 Relevance: 1.6, APIs: 1, Instructions: 54networkCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: send
                      • String ID:
                      • API String ID: 2809346765-0
                      • Opcode ID: 6e071f89daf95505d2e7796283d8975eea9143df8f7d8de60b94789d71e2f735
                      • Instruction ID: 4394f0507fb19da428a98da01ec0eabb3260d85eccd1fa1f8eaaf078f0398730
                      • Opcode Fuzzy Hash: 6e071f89daf95505d2e7796283d8975eea9143df8f7d8de60b94789d71e2f735
                      • Instruction Fuzzy Hash: EC119171509384AFDB22CF55DC84B52FFB4EF46224F08C8DEED858B652C275A818DB62
                      Function 0332BA22 Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                      Download Yara Rule
                      APIs
                      • LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 0332BA6A
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: LookupPrivilegeValue
                      • String ID:
                      • API String ID: 3899507212-0
                      • Opcode ID: dd446bc4828db097d7ef897f242f78d3d56cebe3f9da8e6a6aa7debab6315514
                      • Instruction ID: 078372bf093f0f23743bcd258ce2331be1c7bb9adb373a47225892d472eb03a6
                      • Opcode Fuzzy Hash: dd446bc4828db097d7ef897f242f78d3d56cebe3f9da8e6a6aa7debab6315514
                      • Instruction Fuzzy Hash: 92115EB1A002448FEB20CF29DC85B56FFE8EF44220F08C4AADD49CB652D775E414CA61
                      Function 0332ADD6 Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON
                      Download Yara Rule
                      APIs
                      • CopyFileW.KERNEL32(?,?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AE1E
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CopyFile
                      • String ID:
                      • API String ID: 1304948518-0
                      • Opcode ID: dd446bc4828db097d7ef897f242f78d3d56cebe3f9da8e6a6aa7debab6315514
                      • Instruction ID: cebe2cd51bc6e76d3af06880b01e1ad3cc8d82cc5b59073ecdec12559500e546
                      • Opcode Fuzzy Hash: dd446bc4828db097d7ef897f242f78d3d56cebe3f9da8e6a6aa7debab6315514
                      • Instruction Fuzzy Hash: 47115271A002548FDB20CF29DD85B66FFE8EF04620F08C4AADD49DB651D775E415CA61
                      Function 0332AFB6 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • GetFileType.KERNEL32(?,00000E24,82BD23E7,00000000,00000000,00000000,00000000), ref: 0332B009
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: FileType
                      • String ID:
                      • API String ID: 3081899298-0
                      • Opcode ID: df8072f2849daee193b3be948c8370c01f650eff7db00b026b8d8a8163aebdbc
                      • Instruction ID: 3a29b87c1fbd079c264766b995c980fa65651fe24f92dbc096cfb6d7fed581d2
                      • Opcode Fuzzy Hash: df8072f2849daee193b3be948c8370c01f650eff7db00b026b8d8a8163aebdbc
                      • Instruction Fuzzy Hash: ED01D271504304AFE721CB05DD85FA6FBACDF44624F08C4AAED049B741D378E9088AB5
                      Function 0332B1A8 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                      Download Yara Rule
                      APIs
                      • FindClose.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332B1FC
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseFind
                      • String ID:
                      • API String ID: 1863332320-0
                      • Opcode ID: 03149eaf81b9c1aa069cc749230418df2802e5e079a60ed45f2953007154bd7e
                      • Instruction ID: e788363d216cb7b219617e48f0c96263e26c5617c9b255cc8b2eb53683159f8b
                      • Opcode Fuzzy Hash: 03149eaf81b9c1aa069cc749230418df2802e5e079a60ed45f2953007154bd7e
                      • Instruction Fuzzy Hash: 101182755093849FD7128F15DC84A66FFB4DF06220F08C4DAED858B652D275A918CB62
                      Function 0332A9E4 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: IdleInputWait
                      • String ID:
                      • API String ID: 2200289081-0
                      • Opcode ID: 70ffadfe9ea3aab2574113b7cc7a70ab2d4f0d85046dc55f1ae6d2314cee16cd
                      • Instruction ID: bcb5ec0d2c22e3e970b0fb93eebd54b3107a20dc5bfc46049ccb807febc48b18
                      • Opcode Fuzzy Hash: 70ffadfe9ea3aab2574113b7cc7a70ab2d4f0d85046dc55f1ae6d2314cee16cd
                      • Instruction Fuzzy Hash: 48119E715093849FDB11CF55DD84B52FFA8EF06220F0988DEED858B262D279A818CB62
                      Function 060C1F36 Relevance: 1.5, APIs: 1, Instructions: 49networkCOMMON
                      Download Yara Rule
                      APIs
                      • WSAConnect.WS2_32(?,?,?,?,?,?,?), ref: 060C1F82
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: Connect
                      • String ID:
                      • API String ID: 3144859779-0
                      • Opcode ID: 3ce6644cc35257a4b1cab02324bb71718df730c863acae00dca7d6bf0a5c7f53
                      • Instruction ID: f32337dd3cf3fc397745d889217bbb198e26839d78727fa499d96c87f4511046
                      • Opcode Fuzzy Hash: 3ce6644cc35257a4b1cab02324bb71718df730c863acae00dca7d6bf0a5c7f53
                      • Instruction Fuzzy Hash: 2A119E315402049FDB60CF55D844BA6FBE4EF08220F08C9AEED858B652D335E419CBA1
                      Function 060C00FE Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                      Download Yara Rule
                      APIs
                      • K32EnumProcesses.KERNEL32(?,?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 060C013E
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: EnumProcesses
                      • String ID:
                      • API String ID: 84517404-0
                      • Opcode ID: 486581ef3a35cec236d625d1c861eb1b3a14d9224622e4f7a675631bda19b44c
                      • Instruction ID: f173937ebe0cd84a380d1c7e0e05ba8ca903759f897a56ce1ef7dac52867e34a
                      • Opcode Fuzzy Hash: 486581ef3a35cec236d625d1c861eb1b3a14d9224622e4f7a675631bda19b44c
                      • Instruction Fuzzy Hash: 8B116171600244DFEBA0CF69D984B9AFBE4EF44324F08C4AEDD4A8B651D375E458CB61
                      Function 0332AC5A Relevance: 1.5, APIs: 1, Instructions: 48COMMON
                      Download Yara Rule
                      APIs
                      • SetFileAttributesW.KERNEL32(?,?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AC97
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: AttributesFile
                      • String ID:
                      • API String ID: 3188754299-0
                      • Opcode ID: 32141f477d7a0a48a9046c41fe79a56a8c78df7ac9bcd429255fdf658f7b7382
                      • Instruction ID: 96c37cb41a3d00523b944f6d47e9e7ff6a981d710e9e9cb89c507e187e2685b9
                      • Opcode Fuzzy Hash: 32141f477d7a0a48a9046c41fe79a56a8c78df7ac9bcd429255fdf658f7b7382
                      • Instruction Fuzzy Hash: 1F0192716042548FDB20CF29DD857A6FFE8EF04220F08C4AADD45CB742D775E418CAA2
                      Function 060C2032 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule
                      APIs
                      • GetVolumeInformationA.KERNEL32(?,00000E24,?,?), ref: 060C2082
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: InformationVolume
                      • String ID:
                      • API String ID: 2039140958-0
                      • Opcode ID: 17204ee913b8b23bd9025deb19c15f11f72c232922cbe2ee292855ba0dd59130
                      • Instruction ID: 0e0bd439db97745219a04350356b78fe7e0828b0390a455df2d53f0168c44ec9
                      • Opcode Fuzzy Hash: 17204ee913b8b23bd9025deb19c15f11f72c232922cbe2ee292855ba0dd59130
                      • Instruction Fuzzy Hash: 0001B171600200AFD310DF16CD85B66FBE8EB88B20F14852AEC089BB41D731F915CBE1
                      Function 0332A172 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule
                      APIs
                      • EnumWindows.USER32(?,00000E24,?,?), ref: 0332A1C2
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: EnumWindows
                      • String ID:
                      • API String ID: 1129996299-0
                      • Opcode ID: c9dea8e3b62440a2c20dc17418e0c70388b722e2c2ec8d3f16367e83634769f4
                      • Instruction ID: 0ca1433d14f5875747b05bd668969e6d0e51ec2442024c43fa4b2f544ec944ab
                      • Opcode Fuzzy Hash: c9dea8e3b62440a2c20dc17418e0c70388b722e2c2ec8d3f16367e83634769f4
                      • Instruction Fuzzy Hash: 7C01B171600200AFD310DF16CD85B66FBE8EB88A20F14856AEC089BB41D735F915CBE1
                      Function 060C026A Relevance: 1.5, APIs: 1, Instructions: 45COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 060C02AE
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 05a2aedd87ae919708b9cf40d8bcd3e6b6d235534f6258d9cbddb540cb5912ad
                      • Instruction ID: 889d0182723e17be4353e0236ce978defb16813dfcd1c3974f9d7c87f81dc247
                      • Opcode Fuzzy Hash: 05a2aedd87ae919708b9cf40d8bcd3e6b6d235534f6258d9cbddb540cb5912ad
                      • Instruction Fuzzy Hash: E5018E31500204DFEB60CF55D944B5AFFE0EF08320F08C96EDD864A611C376E428DBA1
                      Function 060C117E Relevance: 1.5, APIs: 1, Instructions: 43registryCOMMON
                      Download Yara Rule
                      APIs
                      • RegQueryValueExW.KERNEL32(?,00000E24,?,?), ref: 060C11CE
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: a562b8aa7057865a707ade99745f847088c30618ef00ed0018a25373055dd821
                      • Instruction ID: 24f908b7781d2774495d0f36c4940d4dfcf502949810e37c14d495c8e7aa95b1
                      • Opcode Fuzzy Hash: a562b8aa7057865a707ade99745f847088c30618ef00ed0018a25373055dd821
                      • Instruction Fuzzy Hash: 9001A271540600AFD324DF1ACD86B66FBE8FB88A20F14811AEC089BB41D771F915CBE5
                      Function 0332A09A Relevance: 1.5, APIs: 1, Instructions: 42networkCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: send
                      • String ID:
                      • API String ID: 2809346765-0
                      • Opcode ID: 4709f18a6ffc7baa9eb70380e09c3dba1d153eef9258099c21f04bccada5acfa
                      • Instruction ID: c5b7445923f05beeaa5d8366decadf57451d5a2d4753e4dccee6d1e057aadccf
                      • Opcode Fuzzy Hash: 4709f18a6ffc7baa9eb70380e09c3dba1d153eef9258099c21f04bccada5acfa
                      • Instruction Fuzzy Hash: 61019E315002449FDB20CF55D984B61FFE4EF04324F08C8AADD498B652D779E418DBA2
                      Function 0332AA06 Relevance: 1.5, APIs: 1, Instructions: 40COMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: IdleInputWait
                      • String ID:
                      • API String ID: 2200289081-0
                      • Opcode ID: 0b5b084e34e417067ecd29ca93a1839b723234dd5f42e4364727db7e10d4981c
                      • Instruction ID: 479226311eb546f80a26e038a6c4525687551a4a57da56c2bc42dee61a07f41e
                      • Opcode Fuzzy Hash: 0b5b084e34e417067ecd29ca93a1839b723234dd5f42e4364727db7e10d4981c
                      • Instruction Fuzzy Hash: 5F018F719042849FDB20CF15D984B66FFE8EF04720F08C8AADD498B652D779E418CAA2
                      Function 0332B1CA Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                      Download Yara Rule
                      APIs
                      • FindClose.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332B1FC
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseFind
                      • String ID:
                      • API String ID: 1863332320-0
                      • Opcode ID: 3a5011f9f76bd429ddc9451dc9134c08a0550f253c96ee401c94a62f46ceac6c
                      • Instruction ID: 16df1a94bcd8b8c53df50d55e255de6175725852c3161e982804b7a626f28768
                      • Opcode Fuzzy Hash: 3a5011f9f76bd429ddc9451dc9134c08a0550f253c96ee401c94a62f46ceac6c
                      • Instruction Fuzzy Hash: B30162755003448FDB20CF15D985765FBA4DF05221F08C4AADD458BB52D279E458CAA1
                      Function 060C2226 Relevance: 1.5, APIs: 1, Instructions: 36COMMON
                      Download Yara Rule
                      APIs
                      • CoGetObjectContext.COMBASE(?,?), ref: 060C225B
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498338214.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_60c0000_svchost.jbxd
                      Similarity
                      • API ID: ContextObject
                      • String ID:
                      • API String ID: 3343934925-0
                      • Opcode ID: a44e0e4435916629219e3edf97e21d232a880fcbe09edcf0b2691ae6e35b069e
                      • Instruction ID: ab009f38b870bc9e86506c9c1908a732bc632d11ebbf81393044a9e798f2085d
                      • Opcode Fuzzy Hash: a44e0e4435916629219e3edf97e21d232a880fcbe09edcf0b2691ae6e35b069e
                      • Instruction Fuzzy Hash: 99F0AD319542449FEB60CF05D884B69FFE0EF08230F08C0AEDD440BA56D279E968CAA2
                      Function 0332A2FE Relevance: 1.5, APIs: 1, Instructions: 35COMMON
                      Download Yara Rule
                      APIs
                      • SetErrorMode.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332A330
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: ErrorMode
                      • String ID:
                      • API String ID: 2340568224-0
                      • Opcode ID: 7447603e38128031347679fbebc59b7635f1ff4deeaa735a4a45a2e11476ada6
                      • Instruction ID: 385da73d008e06c3eff427077454b05117689948c9795f8467dabc7bf91b4b78
                      • Opcode Fuzzy Hash: 7447603e38128031347679fbebc59b7635f1ff4deeaa735a4a45a2e11476ada6
                      • Instruction Fuzzy Hash: E0F08C35904244CFEB20CF09D984B61FFA4EF04220F0CC0AADE494B752D6B9A418CAA2
                      Function 0332BC38 Relevance: 1.3, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332BCA4
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 41ed11c8d95d8052edc61c75b0e838fa0f7e1c6098a1c63c9eefa8398c06bec8
                      • Instruction ID: acfc7fe6acc6f4d4e0901461a9af4e1317783d57189b73731bea242da164820f
                      • Opcode Fuzzy Hash: 41ed11c8d95d8052edc61c75b0e838fa0f7e1c6098a1c63c9eefa8398c06bec8
                      • Instruction Fuzzy Hash: 8821A1715093C45FDB12CB25DC94692BFB8AF07324F0D84DAE8858F663D265A908CB62
                      Function 0332A710 Relevance: 1.3, APIs: 1, Instructions: 67COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332A780
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: b9166ed9d4599de4be4b3c404f4ac6e5dd6a57081d4e438d6c96e4bbae3bfbd3
                      • Instruction ID: 65f7a718f69ddb52fef04cd6f588c3487b9e8baed9fffeb33e0b3111c5f1f95c
                      • Opcode Fuzzy Hash: b9166ed9d4599de4be4b3c404f4ac6e5dd6a57081d4e438d6c96e4bbae3bfbd3
                      • Instruction Fuzzy Hash: 2D21C0B55047809FD711CF65DD85B92BFB8EF02324F0984ABEC458B253D335A909DBA1
                      Function 0332AA81 Relevance: 1.3, APIs: 1, Instructions: 57COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AAE0
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 4ea91f8c8349d0a372ac10eb95638bb53185f962856492f7bbce9636320b96dc
                      • Instruction ID: f46709250190bc5c4b506b637babe40de327ea04b5bd8866ebdae9a8505b5c91
                      • Opcode Fuzzy Hash: 4ea91f8c8349d0a372ac10eb95638bb53185f962856492f7bbce9636320b96dc
                      • Instruction Fuzzy Hash: CC1160715093C49FDB12CB25DC84A92BFB4DF07220F0888DBED858F253C275A958CBA2
                      Function 05C20509 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [Pi^
                      • API String ID: 0-4285995513
                      • Opcode ID: 1572d23382cde8265535b9bbf6c1d4c531bf3ed5304a10b52d6bc474f988a0c4
                      • Instruction ID: 06925040c49a952cc43ae906905a0902855885392f9f1df14087c4d7c15e041f
                      • Opcode Fuzzy Hash: 1572d23382cde8265535b9bbf6c1d4c531bf3ed5304a10b52d6bc474f988a0c4
                      • Instruction Fuzzy Hash: EE01D429F041244B9B49F77A44A527E39DB5FC9144B18C82ED043EB3A4DF2C8C0197E6
                      Function 0332BC72 Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332BCA4
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: ef2f07caae336b527dd1cd83b10147daa257d481fe8b97859af3a4bfa1533cc0
                      • Instruction ID: 6720796e60f50a6240e385a38063129c2bb8125f8dec9ee5179ce2a2647df3c1
                      • Opcode Fuzzy Hash: ef2f07caae336b527dd1cd83b10147daa257d481fe8b97859af3a4bfa1533cc0
                      • Instruction Fuzzy Hash: 8001DF756042548FDB20CF29D9847A6FFE8EF00220F08C4BADC498BB42D775E418CAA2
                      Function 0332A74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332A780
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 414371c6884a08c0c46ec2f16c63b69f87e0483f8d2e83db31e21d4871d20e34
                      • Instruction ID: 92b3ff86c9c0ca6898fec178f8f681bbfd3d375847a73bdd3535b8fc6081122e
                      • Opcode Fuzzy Hash: 414371c6884a08c0c46ec2f16c63b69f87e0483f8d2e83db31e21d4871d20e34
                      • Instruction Fuzzy Hash: 80018F756046448FEB10CF69DD857A6FFE8DF04220F08C4ABED498B752D779E418CAA2
                      Function 0332AAAE Relevance: 1.3, APIs: 1, Instructions: 39COMMON
                      Download Yara Rule
                      APIs
                      • CloseHandle.KERNEL32(?,82BD23E7,00000000,?,?,?,?,?,?,?,?,6C843C58), ref: 0332AAE0
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495777169.000000000332A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0332A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_332a000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: 3cd40caec1e27e90f76aa4d0e6d1adfa30790cc5936816832d30dd1594028657
                      • Instruction ID: 991c08448f722ba9c0d59d72ed351f75b6eec677b8f7789682c9e44ba2e76798
                      • Opcode Fuzzy Hash: 3cd40caec1e27e90f76aa4d0e6d1adfa30790cc5936816832d30dd1594028657
                      • Instruction Fuzzy Hash: B601AD71A042448FDB20CF15D9847A2FFE8EF04620F08C8AADD498F642D779E458CAA2
                      Function 05C21F3F Relevance: .6, Instructions: 559COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2f420c6ddbcb48a4fb8e10de553262d9e16046205a094bd1fd427b5fd51d7608
                      • Instruction ID: 60230038f0c2c68416c82b37c6df5aab2a81d7921f7df27e2d2f0eaac7a9e538
                      • Opcode Fuzzy Hash: 2f420c6ddbcb48a4fb8e10de553262d9e16046205a094bd1fd427b5fd51d7608
                      • Instruction Fuzzy Hash: E712A63AB042218FDB28EB78C4507BD72E2AF84245F148879D856DB290DF39DD86CB91
                      Function 05C20958 Relevance: .5, Instructions: 483COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fb594beddf630226a95d6185adf8a0bdc0d8a120232025e0d505374b14efa828
                      • Instruction ID: 9727768cf683f2b17fb7595142fe3fc2d410bf9d9d0a1effe07e364c5cce44bb
                      • Opcode Fuzzy Hash: fb594beddf630226a95d6185adf8a0bdc0d8a120232025e0d505374b14efa828
                      • Instruction Fuzzy Hash: 4C024B357001149FCB18EB78D455B6E77E6EFD8258B208479E406DB3A4EF3A9C42CB91
                      Function 05C21929 Relevance: .3, Instructions: 334COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a46206197b31aa1e90d6bb5a90b6e7c0b2ad7cbd016c722706963cc4d4486c9f
                      • Instruction ID: 02243ac2b8f66d118871bc24186c96f0d5594466830a22efd98e92121790efd9
                      • Opcode Fuzzy Hash: a46206197b31aa1e90d6bb5a90b6e7c0b2ad7cbd016c722706963cc4d4486c9f
                      • Instruction Fuzzy Hash: E8C19F387001548BEB28DB79DA557AD37EBEBD8208F14882AD406977C4CF3E9C46CB61
                      Function 05C22940 Relevance: .3, Instructions: 327COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fc1e2d3bb7c07a30c3f165def84c5156913027f1801288925e51f962df6d7350
                      • Instruction ID: 1c5694287fd4e80df2efba5edc51a421f61d72223c573229b66515080b57d293
                      • Opcode Fuzzy Hash: fc1e2d3bb7c07a30c3f165def84c5156913027f1801288925e51f962df6d7350
                      • Instruction Fuzzy Hash: E1D15D39A002149FCB19DFB5E451A5D77B6FFD8248B208569E812A73A4DF3A9C43CB90
                      Function 05C21510 Relevance: .3, Instructions: 283COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ebb41ad4e0a9b59c975b9bd8a4e51ffbb7b6e446978a117158e8e267f6c0e34
                      • Instruction ID: 88b38a8f0b09d29bf5c104242ee390ea529988e4f3cf59479e9067a5f2f9f2c1
                      • Opcode Fuzzy Hash: 5ebb41ad4e0a9b59c975b9bd8a4e51ffbb7b6e446978a117158e8e267f6c0e34
                      • Instruction Fuzzy Hash: B4A1C0357042208BD724DB79C984BAD32E3ABC4354F188A79E4129B3D0EB7ADD46CB61
                      Function 05C21999 Relevance: .3, Instructions: 280COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 58bec7a927233af77457e9a4c4d1dda07b935121a51d8848a1f38ca6a7fc9ca6
                      • Instruction ID: bba01c7cf2c28ee8286ed2a9ebc6840d1645e043f9f9af27de28c950c930565b
                      • Opcode Fuzzy Hash: 58bec7a927233af77457e9a4c4d1dda07b935121a51d8848a1f38ca6a7fc9ca6
                      • Instruction Fuzzy Hash: 2FA18E783001148BEB28AB39DA557BD37EBABD8208F14883AD406977D4CF7D9C46C761
                      Function 05C219B7 Relevance: .3, Instructions: 277COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2bad7eda9b7c0d08eb6f15e656c4141e7fafe1d512a07f22b8fd5f6bb6a3450b
                      • Instruction ID: a8bc131667d5bb452eb3edb6b2e05cfd60b3227fb55c0b728f92c20eed30d1ad
                      • Opcode Fuzzy Hash: 2bad7eda9b7c0d08eb6f15e656c4141e7fafe1d512a07f22b8fd5f6bb6a3450b
                      • Instruction Fuzzy Hash: 70A19F783001148BEB29AB39DA557BE36EBABD8208F14883AD406977D4CF7D9C46C761
                      Function 05C219CA Relevance: .3, Instructions: 276COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d53e9d2f70b38cd33ac8a632d02ec7cf35c7a6afc7a540e518774f098b43714f
                      • Instruction ID: e67d086fd9c3852bf8db651cd021f285396dd18d0246afa998419c8847381fe0
                      • Opcode Fuzzy Hash: d53e9d2f70b38cd33ac8a632d02ec7cf35c7a6afc7a540e518774f098b43714f
                      • Instruction Fuzzy Hash: 89A19E783001148BEB28AB39DA557BE36EBABC8208F14883AD006977D4CF7D9C46C761
                      Function 05C22931 Relevance: .3, Instructions: 264COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e562e145cd65a9cf71ae0fb7de655fdcadf3e28149905b8516f8b582a5c7c62e
                      • Instruction ID: 864bed0954f0a111b895aebfb276f299ec5448a53b73bd412223e1cc5699f33d
                      • Opcode Fuzzy Hash: e562e145cd65a9cf71ae0fb7de655fdcadf3e28149905b8516f8b582a5c7c62e
                      • Instruction Fuzzy Hash: 65A15B39A00214DFCB19DF79E851A5E77B6EBD8348B208569E812973A4DF3E9C43CB50
                      Function 05C22A45 Relevance: .2, Instructions: 228COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d85ff47c69e54af455f3017c6597119eafc6b83b925129d5dba8dcf95315a788
                      • Instruction ID: abab01cd94da0a0729b96739d4e3252c97e4339d6f1d7b3f872fbedb8a98a7e4
                      • Opcode Fuzzy Hash: d85ff47c69e54af455f3017c6597119eafc6b83b925129d5dba8dcf95315a788
                      • Instruction Fuzzy Hash: 7A914939A002149FDB19DFB8E451A6D77A2FFD8348B208469E812973A4DF3E9C43CB50
                      Function 05C22A95 Relevance: .2, Instructions: 217COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c0b0366088535dc3ee400e8d808e0572e876e12215eb38cd0697a17f882a85d
                      • Instruction ID: 264d092a9ee855cc406247912d81c5e1e5d4f45685e3713df938fd2511cf6eb7
                      • Opcode Fuzzy Hash: 9c0b0366088535dc3ee400e8d808e0572e876e12215eb38cd0697a17f882a85d
                      • Instruction Fuzzy Hash: 1E814839A012149FDB19DFB8E451A6D77A2EFD8248B208569E812973A4DF3E9C43CB50
                      Function 05C22AD7 Relevance: .2, Instructions: 210COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7acc924ffd7ac59d29287dcde68448e23e75d0a087d4daadf72e807feaa19228
                      • Instruction ID: fbb697eabc9236ef65b56002c3a95b9467092371ef51aa37d9dd62ec6444c30c
                      • Opcode Fuzzy Hash: 7acc924ffd7ac59d29287dcde68448e23e75d0a087d4daadf72e807feaa19228
                      • Instruction Fuzzy Hash: 75814939A012149FDB19DF78E451A6D77A2FFD8348B208569E812973A4DB3E9C43CB50
                      Function 05C20B03 Relevance: .2, Instructions: 194COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fc9a3ef27f7c0ea4f30eebc0a4453a01051d9fd0799e6aa74b0df84c869d2f0b
                      • Instruction ID: 911f91265dc870994a133ae26c9b0dea0ae58ca597a381245c6fb459a169400a
                      • Opcode Fuzzy Hash: fc9a3ef27f7c0ea4f30eebc0a4453a01051d9fd0799e6aa74b0df84c869d2f0b
                      • Instruction Fuzzy Hash: 04716A397002108FDB19DB38D455B6D37A6EBD8319B20856AE4069B3D4DF3E9C83CB61
                      Function 05C22B4B Relevance: .2, Instructions: 189COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b645cfb4500ff1aec2bf81ce6961c053d3551b571e3a2f22a16fd0b740b7a996
                      • Instruction ID: cb8dcf4acdc33783266de20c31120920a6c4a50fe49a9b8f3410aff82ada9593
                      • Opcode Fuzzy Hash: b645cfb4500ff1aec2bf81ce6961c053d3551b571e3a2f22a16fd0b740b7a996
                      • Instruction Fuzzy Hash: C1714939A012149FDB19DF78E450A6D77A6EFD8348B208569E812973A4DF3E9C43CB50
                      Function 05C205DA Relevance: .2, Instructions: 171COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 884cf2f2c256788ca04d0d880dfd0471d797eda68589a8c545cc7ec3bdc3863d
                      • Instruction ID: 03a0d2da15422476d983409d0abedf88078489c6099a435a17293e2a76b00f82
                      • Opcode Fuzzy Hash: 884cf2f2c256788ca04d0d880dfd0471d797eda68589a8c545cc7ec3bdc3863d
                      • Instruction Fuzzy Hash: B0614C39700200CFDB159B35E44966D77E6FBD8249B24856AE80297394DF3EDC83CB61
                      Function 05C205C5 Relevance: .2, Instructions: 159COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1a6cb34b24873ca9b15b7a0c00d7d4a25133afd1c86bb67b27d42f46e17591f
                      • Instruction ID: ec8d463ec61d0e2df0cddd73e619759b8688a255e964fae9563fcc5699a7384c
                      • Opcode Fuzzy Hash: c1a6cb34b24873ca9b15b7a0c00d7d4a25133afd1c86bb67b27d42f46e17591f
                      • Instruction Fuzzy Hash: 76516B39700200CFD70A9F35D45962D77A6FBD924972485AAE8029B3A4DF3F9C83CB61
                      Function 05C20BA8 Relevance: .2, Instructions: 153COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 12a255076b3cbf85d17919fad1bae7b56970fe37a7f5bb54c5324e053f7fbb40
                      • Instruction ID: d835458a480e765e2d937e08260beece763ac3cb668ac2f57959b46fc9239f90
                      • Opcode Fuzzy Hash: 12a255076b3cbf85d17919fad1bae7b56970fe37a7f5bb54c5324e053f7fbb40
                      • Instruction Fuzzy Hash: E45168397002108FD719DB34E459A6D77A2EBD8319B60856EE8069B394DB3E9C83CB61
                      Function 05C20634 Relevance: .1, Instructions: 145COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 749119f7e89271467599cf899b27fc1d711cee56f88d4b4b47e41fe59cac7639
                      • Instruction ID: 0d0515c74b52616a066660cf8cd002d1fadb416a0cdf90b3a1a6d3f4b56f228f
                      • Opcode Fuzzy Hash: 749119f7e89271467599cf899b27fc1d711cee56f88d4b4b47e41fe59cac7639
                      • Instruction Fuzzy Hash: ED510C39700200CFDB199F35E459A2D77A6FBD8249724856AE80297394DF3F9C83CB51
                      Function 05C2150B Relevance: .1, Instructions: 142COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42871988ea94187b3d1299beef68ee856042896791fb1da5898c678be23a25f9
                      • Instruction ID: 9efc297529b60ceb36da678c282c7bb9082f91904d8d48018b47ea013de5b7ba
                      • Opcode Fuzzy Hash: 42871988ea94187b3d1299beef68ee856042896791fb1da5898c678be23a25f9
                      • Instruction Fuzzy Hash: 1951B1346042119AEB24DF36D9447AD37E6FBC4350F5C89B9E412DA2D0EB39DE86CB20
                      Function 05C22C2D Relevance: .1, Instructions: 142COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 06c9950f78c63458437744e502ff440f165934054f307d54c73f834473bb7542
                      • Instruction ID: 9f3477c3f1654792ee31435846dd7a1f144d52ab14f0856393a37ff7f9b04013
                      • Opcode Fuzzy Hash: 06c9950f78c63458437744e502ff440f165934054f307d54c73f834473bb7542
                      • Instruction Fuzzy Hash: 3B515F39A002149BDB18DF78E551B6D77A6EFC8348F208569E815973A4DF3E9C43CB90
                      Function 05C218E0 Relevance: .1, Instructions: 133COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 535cbac9a36d4161d863090f6b14f6871d181be5ec7fa7397d5ec69932c6183b
                      • Instruction ID: aa4cc43b15af869e5000382498bc4e472ff29dd7061fa7f0c25e5c1da213f86a
                      • Opcode Fuzzy Hash: 535cbac9a36d4161d863090f6b14f6871d181be5ec7fa7397d5ec69932c6183b
                      • Instruction Fuzzy Hash: 9C419E34A042118AEB24DF36D9447AC36E6FBC4355F5C89B9E412DA2D0DF39DE86CB21
                      Function 05C20080 Relevance: .1, Instructions: 129COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7352548540bd1686252c9760accb7b421a2917f8cb656dd548d31584c08bb597
                      • Instruction ID: 566d6cca78c554afc9c82597a00996aa403d9aaacf3370239fa3971e2b0c90c1
                      • Opcode Fuzzy Hash: 7352548540bd1686252c9760accb7b421a2917f8cb656dd548d31584c08bb597
                      • Instruction Fuzzy Hash: F15126392051458BC724DF38E585A8D77F2EFE0288780C96DE4458B369EB3D5D4BCBA1
                      Function 05C20C22 Relevance: .1, Instructions: 125COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c9c3d6a4006112e9178c190c85c01771f09ddeb27b2fedab59c0e2b8b85045e4
                      • Instruction ID: 6a11ffe167f8a12ac97fc8a57cdbb07aa005e55a57affdd9583c285d7b1cb09a
                      • Opcode Fuzzy Hash: c9c3d6a4006112e9178c190c85c01771f09ddeb27b2fedab59c0e2b8b85045e4
                      • Instruction Fuzzy Hash: 8E416A397002108FDB18DB74D459B6D77E2EBD8319B60856EE4169B394DB3E9C42CB60
                      Function 05C21238 Relevance: .1, Instructions: 115COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0dd4aea36da1f30df928c8c876d8cb0146772cef28c12a6d51052ee681bf8344
                      • Instruction ID: bd8562548aff7af72778b0f10fa90d61ae7fc516971954324c198a0d8ea4ae2d
                      • Opcode Fuzzy Hash: 0dd4aea36da1f30df928c8c876d8cb0146772cef28c12a6d51052ee681bf8344
                      • Instruction Fuzzy Hash: B8419F35A002158FCB14EF78D8846ADB7E6EF88214B588479D805DB399EF38CD46CBE0
                      Function 05C227AB Relevance: .1, Instructions: 108COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a53a9578d138892eb5c7b4a82284c5298fc967fad4d5b021343f68226719aeea
                      • Instruction ID: 64ec94d9c5f47627413283396e9b11addf7d03b34249b4aaec41a2db9fdc93cc
                      • Opcode Fuzzy Hash: a53a9578d138892eb5c7b4a82284c5298fc967fad4d5b021343f68226719aeea
                      • Instruction Fuzzy Hash: B431C235B002085BDF14DBB9DA91BADBBE7AFD4204F04846AE505E77A0DF399D05CB50
                      Function 05C2122B Relevance: .1, Instructions: 108COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 93ed4a3c87d5bc02c031891296a468c8db1c592fb1fe51d3f59dbf56e3b9194c
                      • Instruction ID: 9176d12dd08615f2855d525592ea62554b87ebc096399cc5c6619e89bc70ca33
                      • Opcode Fuzzy Hash: 93ed4a3c87d5bc02c031891296a468c8db1c592fb1fe51d3f59dbf56e3b9194c
                      • Instruction Fuzzy Hash: 28318135A002158FCB14DF38C8856AE77E6EF88204F58C479D805DB399EB38DD86CBA0
                      Function 05C231F8 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 30bf6028daceb609171e5257c4d32bd1d70dbde92a2fef7bb8f4dac8e7cf77a1
                      • Instruction ID: 903f2e59cb72f5c9132a31bdb5c159ccde86bf29db1652592e9743ad7b3e801d
                      • Opcode Fuzzy Hash: 30bf6028daceb609171e5257c4d32bd1d70dbde92a2fef7bb8f4dac8e7cf77a1
                      • Instruction Fuzzy Hash: 1531DF34B002159FDB14CB79D944BAEBBE6AFC8614F148839E005EB3A0DF799D068B91
                      Function 05C20C8D Relevance: .1, Instructions: 100COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ff2d0bcb131528888608a55eaa7cd1320bba2808d5d409fce7d2e051bad42fe0
                      • Instruction ID: 5f0df3315c0d3918d1400f2583f2451f3f312b6850f8a82f0c169526d79d1a46
                      • Opcode Fuzzy Hash: ff2d0bcb131528888608a55eaa7cd1320bba2808d5d409fce7d2e051bad42fe0
                      • Instruction Fuzzy Hash: 43319C397001108FDB14EB74D459BAD76E2EBC4319F60856AE4169B394DF3E9C42CBA0
                      Function 034010AE Relevance: .1, Instructions: 98COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4b84487a4948d77133af58808c572284f6e0cf23589f19f1ec74e7041f192ef
                      • Instruction ID: b5234d91b748d184084e98e5fbdb84a069f87821a0de3efe41cc2a5ba4f57975
                      • Opcode Fuzzy Hash: b4b84487a4948d77133af58808c572284f6e0cf23589f19f1ec74e7041f192ef
                      • Instruction Fuzzy Hash: F431B6751097C09FD712CF15DC40A52BFA8EF46320F0984EBD885CFA53D239A908CB65
                      Function 05C22D48 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d41af63cc4dd900b54ccecb20fe8730e48393e583456da6872a325a1421bfea3
                      • Instruction ID: 1e7b080800223662ba2fa38de5c3a072fd43c2ba52097bf48943ae1df5a6f414
                      • Opcode Fuzzy Hash: d41af63cc4dd900b54ccecb20fe8730e48393e583456da6872a325a1421bfea3
                      • Instruction Fuzzy Hash: 96315039B002189BDB249B78E55566D776BFBC8248F20C43AD81197794CF3E9C53CB91
                      Function 05C22698 Relevance: .1, Instructions: 71COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f82f9e83f285cc6059546290548b2202dd878f536c7491cb473f9fe2f47f7bc
                      • Instruction ID: 61616f73dc1040ef7ae4a3546dd4263153883c58473bfc2454f794cb65b88893
                      • Opcode Fuzzy Hash: 6f82f9e83f285cc6059546290548b2202dd878f536c7491cb473f9fe2f47f7bc
                      • Instruction Fuzzy Hash: 9B119339F003185BDB14EA75D841BBEB6F6BF89650F00C529D506FF280EE359D408BA0
                      Function 05C223D3 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa46ffdeb5d6cf3d46c1915f6857281b4a08de5b5b5f4ec6488a0624ddb519a1
                      • Instruction ID: 13362bc8288db4fb287dea10a9af219d017e7412611e60439ae4fc6164eaed37
                      • Opcode Fuzzy Hash: fa46ffdeb5d6cf3d46c1915f6857281b4a08de5b5b5f4ec6488a0624ddb519a1
                      • Instruction Fuzzy Hash: 2E11D636A042248FCB18DB79D4446ADB7F6FBDC254B14487DD806E7364DB3A9C42C790
                      Function 05C20E55 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10677cdfc0617c2c4e3bdacc0aa6b6c50ca0b3983f9749d20d506963176ab575
                      • Instruction ID: 43ab77d1116878b1c641f50fccfcd610d94e645aa92e74385260bf79c99ba576
                      • Opcode Fuzzy Hash: 10677cdfc0617c2c4e3bdacc0aa6b6c50ca0b3983f9749d20d506963176ab575
                      • Instruction Fuzzy Hash: 78214D35B110189FCB04DBB8D494AADB3F7FFC8258B208169E416AB364DF399C06CB91
                      Function 03401365 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d4bc2ff9e8216a473b029eb302518191b3410089931b3539686562773c48aa98
                      • Instruction ID: 51b367a8fe4a415af504376f859f6d0c080a80ad79927dc40c38d2fd57438d0e
                      • Opcode Fuzzy Hash: d4bc2ff9e8216a473b029eb302518191b3410089931b3539686562773c48aa98
                      • Instruction Fuzzy Hash: 7B211D395093C09FD707CB20D990B55BFB5AB56318F1985EBD4848F6A3C23A9816CB52
                      Function 05C20D40 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5f892b22c0bdc1fe5843d6c28cbf98bf50bdb27a4cf80471443749e45d0bd397
                      • Instruction ID: e25a8bb04dea9fc33d3f78711587c344cdc793bd0faf5901ca166080d9f72cd0
                      • Opcode Fuzzy Hash: 5f892b22c0bdc1fe5843d6c28cbf98bf50bdb27a4cf80471443749e45d0bd397
                      • Instruction Fuzzy Hash: 1B11A538B012208FDB14EF75D4856AC77F2EBC4319F64842ED051EB294DB39C942CB60
                      Function 05C20773 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 39ce44f2a876e22c5e4fa4d02189d0944ea660638eab3482ff3442349b70ebef
                      • Instruction ID: 80e170da73cf33efb5a788e83e3e91d550ed42556c027675aa437846f81ecf87
                      • Opcode Fuzzy Hash: 39ce44f2a876e22c5e4fa4d02189d0944ea660638eab3482ff3442349b70ebef
                      • Instruction Fuzzy Hash: B8210B39700200CFCB199B34D455A2D73A2FBE924972145AAE902973A4DF3F9C83CB51
                      Function 064D2990 Relevance: .1, Instructions: 60COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498445773.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_64d0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ed1d61f07d9d196154c685e07a99dc784f0e52d18fc43f4414abc8455ebb928
                      • Instruction ID: ec253bc3aa6e575f1667da16c28f41be6b42ef66eb13b60e5e7eb8c367f4f3d5
                      • Opcode Fuzzy Hash: 7ed1d61f07d9d196154c685e07a99dc784f0e52d18fc43f4414abc8455ebb928
                      • Instruction Fuzzy Hash: 1011EDB5508341AFD350CF19D980A5BFBE4FB88664F04896EF898D7311D231E9148FA2
                      Function 0340139C Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 121326b3a963f426f5fa72fd35eb8ae3d66ee2a397b78b9d65adb30219dcab1d
                      • Instruction ID: e97ece9cdc838e3a61477d6481711fb8948fd51297c5428dc70fc7dd8692d905
                      • Opcode Fuzzy Hash: 121326b3a963f426f5fa72fd35eb8ae3d66ee2a397b78b9d65adb30219dcab1d
                      • Instruction Fuzzy Hash: 8911D238304280DFD311CB10D580B26FBA5EB89708F28C9AEE4494FB92C77BD813C655
                      Function 05C23113 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9ea5053590997099b6c7339575453615566aba2069b095671fa27ee13b0e58b3
                      • Instruction ID: 07d3fe5ca8ea6c52363a6f09af2672da52db675f5942bd48f26e8933bf479682
                      • Opcode Fuzzy Hash: 9ea5053590997099b6c7339575453615566aba2069b095671fa27ee13b0e58b3
                      • Instruction Fuzzy Hash: 1E01C436E002689B9F00E7B9DD45AEE77F5EF85644B004CA9D801FB240EB29DE05C7E1
                      Function 03401001 Relevance: .1, Instructions: 54COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: eabe27a1e7125987421f38090383611408e83c5df8c6495d040cac98dab864f8
                      • Instruction ID: 3f4795cb9ba0cb033a56c5fbb032cae69b12d3c1c80c73f2581d4d77d1f59f59
                      • Opcode Fuzzy Hash: eabe27a1e7125987421f38090383611408e83c5df8c6495d040cac98dab864f8
                      • Instruction Fuzzy Hash: 1B01DD751097C06FD712CB19DD40893BFE8DF8663070C85AFE8858BB43D225B819C7A5
                      Function 0333BB10 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495831375.000000000333A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0333A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_333a000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 067ceb67a984971c19a2f3707cda93925ab92367b188cbd7d7ecf0701e5ab84d
                      • Instruction ID: 5311af6236babcebe925c60d971b990dae5169f5ee9c4c2d17cea6570f04d708
                      • Opcode Fuzzy Hash: 067ceb67a984971c19a2f3707cda93925ab92367b188cbd7d7ecf0701e5ab84d
                      • Instruction Fuzzy Hash: B811ECB5508305AFD350CF09DD40E57FBE8EB88660F04C92EF95897311D231E9188BA2
                      Function 064D2834 Relevance: .1, Instructions: 52COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498445773.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_64d0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fe6ed19d4ce4c4cc4b2db6e94cf2e0af3b06f09294f14cb04114d030f85e45a4
                      • Instruction ID: f6ebce4e2fe454f14b895398b44769311a3bb5a2db421434ea844cdeb92d512a
                      • Opcode Fuzzy Hash: fe6ed19d4ce4c4cc4b2db6e94cf2e0af3b06f09294f14cb04114d030f85e45a4
                      • Instruction Fuzzy Hash: 7411ECB5508305AFD350CF09DD80E57FBE8EB88660F04CD2EF95897311D231E9188BA2
                      Function 05C213B8 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d6fc018acceb2fbd3c371e1e7a0d4cafbaac90f59a6ce497d3b1076804f2018
                      • Instruction ID: 73a8162ca3d922df29f858bee6bbe862373eba3b3f4ed748faa6f772ed732b32
                      • Opcode Fuzzy Hash: 6d6fc018acceb2fbd3c371e1e7a0d4cafbaac90f59a6ce497d3b1076804f2018
                      • Instruction Fuzzy Hash: D7019E71F002148F8B54DF79980659EB7F6EBC924872045BED409E3340EB3A8D02CBD1
                      Function 05C22F63 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 572bff7670122a026abf84f1f626c7e95bf69bbfdcd0a491af08ee5aa5865fd9
                      • Instruction ID: b24358efcd235e009acded21a11da1ccf173106f4d15287d0145856898a0579d
                      • Opcode Fuzzy Hash: 572bff7670122a026abf84f1f626c7e95bf69bbfdcd0a491af08ee5aa5865fd9
                      • Instruction Fuzzy Hash: CF01D776D1110CABCB04DFA9E8819DEBBF9EFC9210F10812AE515F3250EB34A945CBA0
                      Function 03401049 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 263b408b276379d73202d9d430dc31cd31083880861338e6986b00cad66eda39
                      • Instruction ID: 48a5aa2cb8eb22473f9bc4625dc737a7736618684f75cbde87cf83845e159acd
                      • Opcode Fuzzy Hash: 263b408b276379d73202d9d430dc31cd31083880861338e6986b00cad66eda39
                      • Instruction Fuzzy Hash: 2101D4751493809FC312CF29DC40852BFF8DF4623070984AFE8889B652D235B919CB72
                      Function 05C23069 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1026d6175545ca2bea3841c5b95adaef325a8491676b7bec3eabf175f67e8d2a
                      • Instruction ID: 5816f2721dd5e0559b34dbcdc34a754db735d3e05c0b7325337da6808e25eb90
                      • Opcode Fuzzy Hash: 1026d6175545ca2bea3841c5b95adaef325a8491676b7bec3eabf175f67e8d2a
                      • Instruction Fuzzy Hash: 32014476F042A88AEF10D7B698016FCB2A3EF80A14F054C37C511A72D0EA3ECA44C223
                      Function 05C20D98 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fdc5e1eff5886ce53595b0d1f9f676f3c04470db028eaba3ba08bbedea602771
                      • Instruction ID: 1865bfa5883d3179da5ae661a404e8a1337ec53e75befe837646c1a8219133eb
                      • Opcode Fuzzy Hash: fdc5e1eff5886ce53595b0d1f9f676f3c04470db028eaba3ba08bbedea602771
                      • Instruction Fuzzy Hash: 4E011E34A01214CFDB14DF79E0855ACBBF2FF88319B50846EE455AB350DB39C982CBA0
                      Function 05C23073 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be725f6315ac3ed9b56b7bd115b3ac268b4edad1d2869997ed9f3985d236fac2
                      • Instruction ID: a2c12492e526af4eb3c1358acf03d0e418c56e63cb1eedc9933e1b737c9cc7e8
                      • Opcode Fuzzy Hash: be725f6315ac3ed9b56b7bd115b3ac268b4edad1d2869997ed9f3985d236fac2
                      • Instruction Fuzzy Hash: 3EF09C36F042185AEF00D969DC417EEB7F7DBC4760F049436DA14E72C0DB7A595486B2
                      Function 05C21EAF Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5cc0dc9955e262d4352b392b92837ecbbc645ffed244d225903b7fc330bc8c25
                      • Instruction ID: 5c3da2a1d5715336aa1a9c0a16f9d78b09ae701b33aaeeebc0c04a0bf5354456
                      • Opcode Fuzzy Hash: 5cc0dc9955e262d4352b392b92837ecbbc645ffed244d225903b7fc330bc8c25
                      • Instruction Fuzzy Hash: 5FF096B1E002089FCF00DBB988816DFBBF4EB49210F10447AC208E7240E7358605CBA1
                      Function 03401028 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb06e0641f64d6088c6801cfc49557cf2485f82de7e4ee76e49a7ccd14895cf6
                      • Instruction ID: cfa6cfc76102681aa359041c87be4a64aa8208e8021411bb86bb6b4211077ddf
                      • Opcode Fuzzy Hash: cb06e0641f64d6088c6801cfc49557cf2485f82de7e4ee76e49a7ccd14895cf6
                      • Instruction Fuzzy Hash: 6DF0E2756446804FD751CF16ED814A2FBE4EB85230B18C5BFDC4C8F702E279A91ACBA2
                      Function 05C20893 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4bc4c23a4c0a7db9d09335f26383fa05fe24dbda305bb77569ea44be63feb494
                      • Instruction ID: b08696531e3947c242b6a2da5e0386e6a11741f50fac5876aa0230b6d837e020
                      • Opcode Fuzzy Hash: 4bc4c23a4c0a7db9d09335f26383fa05fe24dbda305bb77569ea44be63feb494
                      • Instruction Fuzzy Hash: 60014C38604206AFC710FB78D4D945DBBE1EBC5709F40CC2CE845CB354DB3988499B52
                      Function 03401458 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b70775fa7fba082640ea6612efbe150b967e127f1e19d622fa4717441736e815
                      • Instruction ID: b3294f87a84cc7a78ed61176d0288498c8db1ed08f0f122b7ce318130f3e399c
                      • Opcode Fuzzy Hash: b70775fa7fba082640ea6612efbe150b967e127f1e19d622fa4717441736e815
                      • Instruction Fuzzy Hash: DDF01D39204644DFC305CB50D580B16FBA6FB89718F24CAADE9490BB62C337D813DA85
                      Function 03401038 Relevance: .0, Instructions: 30COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0dbbd93dc73c665b7d8c8f041f6d0080f7a205c1973823773f6018aac6d8610
                      • Instruction ID: 67396738f5edc87628fd1c8ccb4ad0102f9faa7dae5ead1ffd95e6d4c450e5c1
                      • Opcode Fuzzy Hash: c0dbbd93dc73c665b7d8c8f041f6d0080f7a205c1973823773f6018aac6d8610
                      • Instruction Fuzzy Hash: F6E0E5756442404FC651CB16BC414A5BB90EA80230718C0BFDC4C8E712D229911ACB96
                      Function 0340106E Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4496084958.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b076d47843f9ebd1deac45bb52f3b47defe6f8bbc09836b6818f69b641a6ac5e
                      • Instruction ID: 57f3d86d32467e83394999ed9e7daf8c48dcf73f3491b4ae8941135f45ce7175
                      • Opcode Fuzzy Hash: b076d47843f9ebd1deac45bb52f3b47defe6f8bbc09836b6818f69b641a6ac5e
                      • Instruction Fuzzy Hash: 30E092BA6006448B9650CF0AEC814A2F7D8EB84630B08C47FDC0D8BB01E279B518CAA5
                      Function 0333BB5F Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495831375.000000000333A000.00000040.00000800.00020000.00000000.sdmp, Offset: 0333A000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_333a000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e1900cac7280781e5706a91a2804a7009927d89a5bfb8962ece3f44c046d072
                      • Instruction ID: 8cc63843e6f49d308d2c8a91150ce3959be4d06dd504ecd9cfe237e5f9015906
                      • Opcode Fuzzy Hash: 3e1900cac7280781e5706a91a2804a7009927d89a5bfb8962ece3f44c046d072
                      • Instruction Fuzzy Hash: A7E0D8F25402046BD2108E06AC45F62FBD8DB40A31F04C567ED085B702E176B51489F1
                      Function 064D29FB Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498445773.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_64d0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a4a35660608d89eb66aaa5b7039d08d5caeee29da3cb1fc5e67dd5e7693ec15f
                      • Instruction ID: 9500b8cea0bab8f936b6fca439b5daef5a9b319ded286b09f84d9d2677f0c4f4
                      • Opcode Fuzzy Hash: a4a35660608d89eb66aaa5b7039d08d5caeee29da3cb1fc5e67dd5e7693ec15f
                      • Instruction Fuzzy Hash: 2AE0D8F25402046BD2108E069C85F62FBD8DB44A31F04C567ED081B742E175B51889E5
                      Function 064D2883 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498445773.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_64d0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a5a292a4049ec58b085271bea67eeca2469a02a6f63df0e299a8e5e8fd54b45b
                      • Instruction ID: 6defbdf1a8c11021a73497c5a013a7503fcf18aa70d40326762b6964926d2161
                      • Opcode Fuzzy Hash: a5a292a4049ec58b085271bea67eeca2469a02a6f63df0e299a8e5e8fd54b45b
                      • Instruction Fuzzy Hash: FAE0D8B25002046BD2509E069C85F63FBD8DB40A31F04C567ED0C1B702E176B51489F1
                      Function 064D22A7 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4498445773.00000000064D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064D0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_64d0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0cddc6bba30505cf022da76fa13d90791a3863999a775148e1c5b27063bb25bb
                      • Instruction ID: 03e817b464e5ced99b0b89b9e6f7525d33d328ccba44fd41365bf1893ced82d2
                      • Opcode Fuzzy Hash: 0cddc6bba30505cf022da76fa13d90791a3863999a775148e1c5b27063bb25bb
                      • Instruction Fuzzy Hash: DDE0D8B25002046BD2109E06AC85F63FBD8DB40A31F04C567ED081B702E176B614C9E1
                      Function 033223F4 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495756679.0000000003322000.00000040.00000800.00020000.00000000.sdmp, Offset: 03322000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3322000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bbc079164eb89b2b479d52054ef28450ed8e28fe638d0fe5d16c5349f28be6de
                      • Instruction ID: f00f429ea8f6ed9c96e18db090917c8bd8161fb3c102e11d19fb350b11e3bf52
                      • Opcode Fuzzy Hash: bbc079164eb89b2b479d52054ef28450ed8e28fe638d0fe5d16c5349f28be6de
                      • Instruction Fuzzy Hash: BAD05E792056E14FD326DB1CCAA4B9A7BD4AB51B18F4A48FAAC00CB763C768D5C1D610
                      Function 05C231BB Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7d8cb502cb93de969f25308033eba796cd27972909b7ccf296d422b5a69bdac6
                      • Instruction ID: 7430b2e1cd1e8ddbfab1165f659d69e2ae26ea5fdb84069693c0d90cebdb0c14
                      • Opcode Fuzzy Hash: 7d8cb502cb93de969f25308033eba796cd27972909b7ccf296d422b5a69bdac6
                      • Instruction Fuzzy Hash: 1DD0223090020CFBCF05EFB0C999B5C777CDB01210F0009E9D80AC7340DA36AE049B81
                      Function 033223BC Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495756679.0000000003322000.00000040.00000800.00020000.00000000.sdmp, Offset: 03322000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3322000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4bc889eceefe3428d566ff812b6994ebec3099d889e3337dbd1e2dd201bb7ff8
                      • Instruction ID: 610e55bca1cf02caa2ec5f1fc3784a8d326e3110d25be2ed67248376abdf3726
                      • Opcode Fuzzy Hash: 4bc889eceefe3428d566ff812b6994ebec3099d889e3337dbd1e2dd201bb7ff8
                      • Instruction Fuzzy Hash: 99D05E342002814BC729DA0CCAD4F5A7BD4AF40714F0A48E8AC10CB762C7A9D8C0DA40
                      Function 05C2145B Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e7d1025450136af7f54b2d7c349bf320529994c14386945e78ce055d9792644
                      • Instruction ID: 329af3dc1464a8ca1443769409193bdb39ad46b8182af408a9d8bb7b03a61094
                      • Opcode Fuzzy Hash: 6e7d1025450136af7f54b2d7c349bf320529994c14386945e78ce055d9792644
                      • Instruction Fuzzy Hash: 45C022323044391B8D28B23CB98488A62598BC02103498A26A004CB304CF1448429394
                      Function 05C2006B Relevance: .0, Instructions: 3COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4497983370.0000000005C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C20000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_5c20000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9670b1eef99d8bea6f1120a3eaaa81676ca7c42205ff03b364af110e02b424f3
                      • Instruction ID: 6147ea4f217ca86aa27569dff989f77b2d236630fd6b748a8d8199fcb43dc9c4
                      • Opcode Fuzzy Hash: 9670b1eef99d8bea6f1120a3eaaa81676ca7c42205ff03b364af110e02b424f3
                      • Instruction Fuzzy Hash:

                      Non-executed Functions

                      Function 0332269A Relevance: .4, Instructions: 429COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000002.00000002.4495756679.0000000003322000.00000040.00000800.00020000.00000000.sdmp, Offset: 03322000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_2_2_3322000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee4b69257be37c49b4c8fda1d3a9d06738a19b4ca56fdff32d0049faf944bfc8
                      • Instruction ID: bc9c30a1fc85bdaf4cff0cc719e199fe2fa7234cfeb21b0ac92440b36b23e111
                      • Opcode Fuzzy Hash: ee4b69257be37c49b4c8fda1d3a9d06738a19b4ca56fdff32d0049faf944bfc8
                      • Instruction Fuzzy Hash: AEF1697144E3D19FDB1B8B348DA2146BFB4AEA761470E94CFC9C08F0A7D3249919CB66

                      Execution Graph

                      Execution Coverage:16%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:12
                      Total number of Limit Nodes:0
                      execution_graph 585 25ca646 586 25ca67e CreateMutexW 585->586 588 25ca6c1 586->588 597 25ca361 598 25ca392 RegQueryValueExW 597->598 600 25ca41b 598->600 593 25ca612 595 25ca646 CreateMutexW 593->595 596 25ca6c1 595->596 601 25ca462 603 25ca486 RegSetValueExW 601->603 604 25ca507 603->604

                      Callgraph

                      Executed Functions

                      Function 04EC0310 Relevance: 3.9, Strings: 3, Instructions: 191COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 4ec0310-4ec0334 2 4ec033e-4ec0346 0->2 3 4ec0336-4ec0338 0->3 4 4ec034e-4ec0391 2->4 5 4ec0348-4ec034d 2->5 3->2 8 4ec03d8-4ec0418 4->8 9 4ec0393-4ec03ce 4->9 16 4ec041f-4ec0434 8->16 17 4ec041a 8->17 9->8 19 4ec046b-4ec0523 16->19 20 4ec0436-4ec0460 16->20 17->16 39 4ec0525-4ec0569 19->39 40 4ec0570-4ec0587 19->40 20->19 39->40 41 4ec058d-4ec05bf 40->41 42 4ec0880 40->42 41->42
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311999780.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4ec0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [&j^$-[&j^$=[&j^
                      • API String ID: 0-738355262
                      • Opcode ID: d263df445b5ae3ba080984c69109b18ea06bddcd0ed2cb6923ba349c0f021f9f
                      • Instruction ID: 1a1fed17bbe1ab80391d97921a4f28a8ec0c4c7463acca7441da727a609b17e4
                      • Opcode Fuzzy Hash: d263df445b5ae3ba080984c69109b18ea06bddcd0ed2cb6923ba349c0f021f9f
                      • Instruction Fuzzy Hash: 83513531B002108FD728AB79D9516BE37E7ABC5248B58846DE402DB3D4EF39DC06DB96
                      Function 04EC03BD Relevance: 3.9, Strings: 3, Instructions: 135COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 53 4ec03bd-4ec0418 61 4ec041f-4ec0434 53->61 62 4ec041a 53->62 64 4ec046b-4ec0523 61->64 65 4ec0436-4ec0460 61->65 62->61 84 4ec0525-4ec0569 64->84 85 4ec0570-4ec0587 64->85 65->64 84->85 86 4ec058d-4ec05bf 85->86 87 4ec0880 85->87 86->87
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311999780.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4ec0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: [&j^$-[&j^$=[&j^
                      • API String ID: 0-738355262
                      • Opcode ID: 78032482f73f5b1371ebff679cfe3f31b6ea3513852d7ca2f37911054ec7e389
                      • Instruction ID: 0ac4d7e4e5fcc6d7dff06b977ba6ec721aada070936e8b5ea3d97958096fb5e3
                      • Opcode Fuzzy Hash: 78032482f73f5b1371ebff679cfe3f31b6ea3513852d7ca2f37911054ec7e389
                      • Instruction Fuzzy Hash: A241D431B001118BDB28BBBD99116BE36D76FC5248B58846DD402DB3E4EF79CC069BE6
                      Function 025CA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 98 25ca612-25ca695 102 25ca69a-25ca6a3 98->102 103 25ca697 98->103 104 25ca6a8-25ca6b1 102->104 105 25ca6a5 102->105 103->102 106 25ca702-25ca707 104->106 107 25ca6b3-25ca6d7 CreateMutexW 104->107 105->104 106->107 110 25ca709-25ca70e 107->110 111 25ca6d9-25ca6ff 107->111 110->111
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 025CA6B9
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 4be5aed7b138d855286a1a69047402b8fc52ae89345490a57fcf32a7a9b1e487
                      • Instruction ID: a71da046b7597b61c945003b6bc1741a75d51d9f8b08212eefbf1992a1345469
                      • Opcode Fuzzy Hash: 4be5aed7b138d855286a1a69047402b8fc52ae89345490a57fcf32a7a9b1e487
                      • Instruction Fuzzy Hash: E731C1715093845FE721CB65DC85B96BFF8EF06214F0884AEE9848B292D375A809CB61
                      Function 025CA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 114 25ca361-25ca3cf 117 25ca3d4-25ca3dd 114->117 118 25ca3d1 114->118 119 25ca3df 117->119 120 25ca3e2-25ca3e8 117->120 118->117 119->120 121 25ca3ed-25ca404 120->121 122 25ca3ea 120->122 124 25ca43b-25ca440 121->124 125 25ca406-25ca419 RegQueryValueExW 121->125 122->121 124->125 126 25ca41b-25ca438 125->126 127 25ca442-25ca447 125->127 127->126
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,3CE275DE,00000000,00000000,00000000,00000000), ref: 025CA40C
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 1858da4ab67005e081328d976b47f9909dcf9e91491a7fa7e868287c31dba508
                      • Instruction ID: 2ebe2cf5a20d6133557caeba0dd92b71ceca252baa8384b1cb4c0c80589a5009
                      • Opcode Fuzzy Hash: 1858da4ab67005e081328d976b47f9909dcf9e91491a7fa7e868287c31dba508
                      • Instruction Fuzzy Hash: 1731BF71504384AFE722CF55CC84F92BFF8EF06614F08849AE9458B292D334E909CB65
                      Function 025CA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 131 25ca462-25ca4c3 134 25ca4c8-25ca4d4 131->134 135 25ca4c5 131->135 136 25ca4d9-25ca4f0 134->136 137 25ca4d6 134->137 135->134 139 25ca527-25ca52c 136->139 140 25ca4f2-25ca505 RegSetValueExW 136->140 137->136 139->140 141 25ca52e-25ca533 140->141 142 25ca507-25ca524 140->142 141->142
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,3CE275DE,00000000,00000000,00000000,00000000), ref: 025CA4F8
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: b70af85a41f80a0c946b2dfd2a60c0cb19c829464875f2f0fb565431e1481d6d
                      • Instruction ID: b9578354791a87dcacad748efa67e952e5e61ba7125f7caa43717601868f9e2e
                      • Opcode Fuzzy Hash: b70af85a41f80a0c946b2dfd2a60c0cb19c829464875f2f0fb565431e1481d6d
                      • Instruction Fuzzy Hash: 4621B0725043846FDB228F51CD44FA3BFB8EF06224F08849AE985DB652D374E908CBB5
                      Function 025CA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 146 25ca646-25ca695 149 25ca69a-25ca6a3 146->149 150 25ca697 146->150 151 25ca6a8-25ca6b1 149->151 152 25ca6a5 149->152 150->149 153 25ca702-25ca707 151->153 154 25ca6b3-25ca6bb CreateMutexW 151->154 152->151 153->154 156 25ca6c1-25ca6d7 154->156 157 25ca709-25ca70e 156->157 158 25ca6d9-25ca6ff 156->158 157->158
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 025CA6B9
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 00f0db79535ed81ea7a1f7bd50073b9c68d7fece2d75e6a768185ccb3b05ef22
                      • Instruction ID: 9d33a54ca9d25770a74afd5f008c41b4b4da1f6c6e6b7bb0722cb2974ac48533
                      • Opcode Fuzzy Hash: 00f0db79535ed81ea7a1f7bd50073b9c68d7fece2d75e6a768185ccb3b05ef22
                      • Instruction Fuzzy Hash: C221B0716002049FE720DF65DD85BA6FBE8EF04224F14886EE9458B741E775E809CAA5
                      Function 025CA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 161 25ca392-25ca3cf 163 25ca3d4-25ca3dd 161->163 164 25ca3d1 161->164 165 25ca3df 163->165 166 25ca3e2-25ca3e8 163->166 164->163 165->166 167 25ca3ed-25ca404 166->167 168 25ca3ea 166->168 170 25ca43b-25ca440 167->170 171 25ca406-25ca419 RegQueryValueExW 167->171 168->167 170->171 172 25ca41b-25ca438 171->172 173 25ca442-25ca447 171->173 173->172
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,3CE275DE,00000000,00000000,00000000,00000000), ref: 025CA40C
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 7830f51e114c295f8a388338ca27d55b3fb6dde138192bba781610c6ceaf54b3
                      • Instruction ID: ff16247ca9fffde58653b3ca7ca178f18c6b12e126ea4f536c0ef79abd7a93ba
                      • Opcode Fuzzy Hash: 7830f51e114c295f8a388338ca27d55b3fb6dde138192bba781610c6ceaf54b3
                      • Instruction Fuzzy Hash: E621AC71600308AFE720CE55CD84FA2FBECEF04624F18886AED458B651E774E909CAB5
                      Function 025CA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 177 25ca486-25ca4c3 179 25ca4c8-25ca4d4 177->179 180 25ca4c5 177->180 181 25ca4d9-25ca4f0 179->181 182 25ca4d6 179->182 180->179 184 25ca527-25ca52c 181->184 185 25ca4f2-25ca505 RegSetValueExW 181->185 182->181 184->185 186 25ca52e-25ca533 185->186 187 25ca507-25ca524 185->187 186->187
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,3CE275DE,00000000,00000000,00000000,00000000), ref: 025CA4F8
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311621824.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25ca000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 54b547b4f6dedaa3fdbc8666ec753b17eb1d2abf185dcae15001ed6a8ed48784
                      • Instruction ID: e222d31d646208e4f4820976c01ecaaab499ad05362fa79f69a77189f675a471
                      • Opcode Fuzzy Hash: 54b547b4f6dedaa3fdbc8666ec753b17eb1d2abf185dcae15001ed6a8ed48784
                      • Instruction Fuzzy Hash: 4111AF76600308AFEB30CE55CD85BA7BBE8EF04614F14886AED459A741E774E908CAB5
                      Function 02601047 Relevance: 1.3, Strings: 1, Instructions: 43COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 191 2601047-2601088 193 260108e-26010ab 191->193
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311701623.0000000002601000.00000040.00000020.00020000.00000000.sdmp, Offset: 02601000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_2601000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID: <
                      • API String ID: 0-4251816714
                      • Opcode ID: 6296223a5b401df7c3cece7bb881e7db120835a78ffffebb3cd28b1f2141e735
                      • Instruction ID: a1053bea9349a75b56a15b8f5170786558ef41e4be61d63bb517249a810c4c76
                      • Opcode Fuzzy Hash: 6296223a5b401df7c3cece7bb881e7db120835a78ffffebb3cd28b1f2141e735
                      • Instruction Fuzzy Hash: 1201D6754493846FD7128F15EC40893BFF8DF46230B0984BBEC48CB652D269A909CB62
                      Function 04EC0080 Relevance: .1, Instructions: 132COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 194 4ec0080-4ec00ad 197 4ec00b8-4ec02f9 194->197
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311999780.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4ec0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5c66eb83e728ceabca3011acd0683db18635fffa2192b4438ffacb337a11f793
                      • Instruction ID: d9bd2f9e9a015653d7786e2976d986f439fc02e5f23dea1412a08d618ded233d
                      • Opcode Fuzzy Hash: 5c66eb83e728ceabca3011acd0683db18635fffa2192b4438ffacb337a11f793
                      • Instruction Fuzzy Hash: E9513E30605A968BC714FF38E985A9A77B2AB8024C784CD79D404CB76EEB385C09DB91
                      Function 04EC0006 Relevance: .1, Instructions: 54COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 235 4ec0006-4ec006d 237 4ec0070 call 4ec03bd 235->237 238 4ec0070 call 2601047 235->238 239 4ec0070 call 4ec0310 235->239 240 4ec0070 call 4ec0301 235->240 241 4ec0070 call 260106e 235->241 236 4ec0076 237->236 238->236 239->236 240->236 241->236
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311999780.0000000004EC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EC0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_4ec0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 64c73ddde4b6245a002b51712e15c112f2be18121fce7f96e314e5611f755998
                      • Instruction ID: d8d4aa1913af172e87e122c2d982a03375c39bf104020c49ae2628ec3eff3bd9
                      • Opcode Fuzzy Hash: 64c73ddde4b6245a002b51712e15c112f2be18121fce7f96e314e5611f755998
                      • Instruction Fuzzy Hash: 5E0136A684E3C05FDB434B285CA65953FB09D2311434A45D7D882CF8A3E51D590FDB22
                      Function 0260106E Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 242 260106e-2601088 243 260108e-26010ab 242->243
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311701623.0000000002601000.00000040.00000020.00020000.00000000.sdmp, Offset: 02601000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_2601000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f2080cb0f3fc1af4a760488c787e338ae6883bab88e41bd52c5ef871175e724a
                      • Instruction ID: 1099b6a6c1f57bc1b432a4e091e47853b595de19ea5553df51572b988578d1ce
                      • Opcode Fuzzy Hash: f2080cb0f3fc1af4a760488c787e338ae6883bab88e41bd52c5ef871175e724a
                      • Instruction Fuzzy Hash: 6AE092BA6006044BD750DF0AED41452F7E8EB84630718C47FDC0D8BB01E675B508CEA5
                      Function 025C23F4 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 244 25c23f4-25c23ff 245 25c2401-25c240e 244->245 246 25c2412-25c2417 244->246 245->246 247 25c2419 246->247 248 25c241a 246->248 249 25c2420-25c2421 248->249
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311610007.00000000025C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25c2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db218378c9d6793c47f7edfbb0b262e620c0d4def24a1b5aac1e47bbf52426f7
                      • Instruction ID: dc20adf6021e23b18afefdd15e421c31e0a6112134cab4416d5e397d3c9ffb8a
                      • Opcode Fuzzy Hash: db218378c9d6793c47f7edfbb0b262e620c0d4def24a1b5aac1e47bbf52426f7
                      • Instruction Fuzzy Hash: F3D02E3A2006C04FD3228B0CC2A4B893BE4BB40708F0A04FDAC00CB763C738D480C200
                      Function 025C23BC Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 250 25c23bc-25c23c3 251 25c23c5-25c23d2 250->251 252 25c23d6-25c23db 250->252 251->252 253 25c23dd-25c23e0 252->253 254 25c23e1 252->254 255 25c23e7-25c23e8 254->255
                      Memory Dump Source
                      • Source File: 00000008.00000002.2311610007.00000000025C2000.00000040.00000800.00020000.00000000.sdmp, Offset: 025C2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_25c2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 98727610270f08e344548faf394f5a15329b783a6a7b063ea9803d0db9939b9b
                      • Instruction ID: 791fd60a2d01ba5c4fdf0017e25ab77f07b179abdac384bcdc6afa770c5c50cb
                      • Opcode Fuzzy Hash: 98727610270f08e344548faf394f5a15329b783a6a7b063ea9803d0db9939b9b
                      • Instruction Fuzzy Hash: 1CD05E343102814FC725DA0CC2D4F593BD4BB40B18F1644ECAC10CB762D7A9D8C0DA00

                      Execution Graph

                      Execution Coverage:13.6%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:12
                      Total number of Limit Nodes:0
                      execution_graph 651 2bfa646 652 2bfa67e CreateMutexW 651->652 654 2bfa6c1 652->654 659 2bfa612 661 2bfa646 CreateMutexW 659->661 662 2bfa6c1 661->662 663 2bfa462 665 2bfa486 RegSetValueExW 663->665 666 2bfa507 665->666 667 2bfa361 670 2bfa392 RegQueryValueExW 667->670 669 2bfa41b 670->669

                      Callgraph

                      Executed Functions

                      Function 02BFA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 2bfa612-2bfa695 4 2bfa69a-2bfa6a3 0->4 5 2bfa697 0->5 6 2bfa6a8-2bfa6b1 4->6 7 2bfa6a5 4->7 5->4 8 2bfa6b3-2bfa6d7 CreateMutexW 6->8 9 2bfa702-2bfa707 6->9 7->6 12 2bfa709-2bfa70e 8->12 13 2bfa6d9-2bfa6ff 8->13 9->8 12->13
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 02BFA6B9
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: c280182d37b7d3d7c8035f25b212c39ee3a213fa796af5656006af580e35dcc1
                      • Instruction ID: a422e7df987218ab0a5beda177516b177fe82fab0147c172224fe467505b994b
                      • Opcode Fuzzy Hash: c280182d37b7d3d7c8035f25b212c39ee3a213fa796af5656006af580e35dcc1
                      • Instruction Fuzzy Hash: 1B3193755093806FE721CB25DD85B96FFF8EF06214F08849AE984CB292D375E909C761
                      Function 02BFA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 16 2bfa361-2bfa3cf 19 2bfa3d4-2bfa3dd 16->19 20 2bfa3d1 16->20 21 2bfa3df 19->21 22 2bfa3e2-2bfa3e8 19->22 20->19 21->22 23 2bfa3ed-2bfa404 22->23 24 2bfa3ea 22->24 26 2bfa43b-2bfa440 23->26 27 2bfa406-2bfa419 RegQueryValueExW 23->27 24->23 26->27 28 2bfa41b-2bfa438 27->28 29 2bfa442-2bfa447 27->29 29->28
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,CC82DD64,00000000,00000000,00000000,00000000), ref: 02BFA40C
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 6ec1ec9def39c5b051ec2707fb1bba0f3fe38e549fcf9d0bb0f01e24e71f832d
                      • Instruction ID: 5bdda7244f209c56d8288d3eec5b3ddab8aeb96110a94258fb469db8e450af6a
                      • Opcode Fuzzy Hash: 6ec1ec9def39c5b051ec2707fb1bba0f3fe38e549fcf9d0bb0f01e24e71f832d
                      • Instruction Fuzzy Hash: EA318E75508784AFE722CF15CC84F92BBF8EF06214F0884DAE9859B292D334E90DCB61
                      Function 02BFA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 33 2bfa462-2bfa4c3 36 2bfa4c8-2bfa4d4 33->36 37 2bfa4c5 33->37 38 2bfa4d9-2bfa4f0 36->38 39 2bfa4d6 36->39 37->36 41 2bfa527-2bfa52c 38->41 42 2bfa4f2-2bfa505 RegSetValueExW 38->42 39->38 41->42 43 2bfa52e-2bfa533 42->43 44 2bfa507-2bfa524 42->44 43->44
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,CC82DD64,00000000,00000000,00000000,00000000), ref: 02BFA4F8
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 00cdaba9e7aec27b6daefbf4436bdb08fc60fb567eef0df89b729876421b1750
                      • Instruction ID: e26e39e6972cc69dba57126fdface68f074012bdf56b2f1b361c7d7cffd16b99
                      • Opcode Fuzzy Hash: 00cdaba9e7aec27b6daefbf4436bdb08fc60fb567eef0df89b729876421b1750
                      • Instruction Fuzzy Hash: B121B0721043806FD7228F11DD44FA3BFB8EF06224F08849AE989DB652C374E908CBB1
                      Function 02BFA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 48 2bfa646-2bfa695 51 2bfa69a-2bfa6a3 48->51 52 2bfa697 48->52 53 2bfa6a8-2bfa6b1 51->53 54 2bfa6a5 51->54 52->51 55 2bfa6b3-2bfa6bb CreateMutexW 53->55 56 2bfa702-2bfa707 53->56 54->53 58 2bfa6c1-2bfa6d7 55->58 56->55 59 2bfa709-2bfa70e 58->59 60 2bfa6d9-2bfa6ff 58->60 59->60
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 02BFA6B9
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 38c08d5843907964c590d78a976a9b17d5ebf8c153511969c01c84b5442b0755
                      • Instruction ID: dfadba1f8a26ef365857e0896c6f0f278644fcb82955242ea0b51f03d8413168
                      • Opcode Fuzzy Hash: 38c08d5843907964c590d78a976a9b17d5ebf8c153511969c01c84b5442b0755
                      • Instruction Fuzzy Hash: 2821C571600204AFE720CF29DD85BA6FBE8EF04314F04C8AAE9488B741D775E408CB71
                      Function 02BFA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 63 2bfa392-2bfa3cf 65 2bfa3d4-2bfa3dd 63->65 66 2bfa3d1 63->66 67 2bfa3df 65->67 68 2bfa3e2-2bfa3e8 65->68 66->65 67->68 69 2bfa3ed-2bfa404 68->69 70 2bfa3ea 68->70 72 2bfa43b-2bfa440 69->72 73 2bfa406-2bfa419 RegQueryValueExW 69->73 70->69 72->73 74 2bfa41b-2bfa438 73->74 75 2bfa442-2bfa447 73->75 75->74
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,CC82DD64,00000000,00000000,00000000,00000000), ref: 02BFA40C
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 96b4a0973aef676dd41cd7df1147ba011c9e23a27e6236ee5dd4d3e88ed9f754
                      • Instruction ID: d34f9c862c7ba90af0fdd4b2c5e77faaca39fb7aa0f08c7a9d120b1d20e322f7
                      • Opcode Fuzzy Hash: 96b4a0973aef676dd41cd7df1147ba011c9e23a27e6236ee5dd4d3e88ed9f754
                      • Instruction Fuzzy Hash: 29216A75600704AFE760CE15CD84FA6B7ECEF04624F08C4AAEE499B651D774E90DCAB1
                      Function 02BFA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 79 2bfa486-2bfa4c3 81 2bfa4c8-2bfa4d4 79->81 82 2bfa4c5 79->82 83 2bfa4d9-2bfa4f0 81->83 84 2bfa4d6 81->84 82->81 86 2bfa527-2bfa52c 83->86 87 2bfa4f2-2bfa505 RegSetValueExW 83->87 84->83 86->87 88 2bfa52e-2bfa533 87->88 89 2bfa507-2bfa524 87->89 88->89
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,CC82DD64,00000000,00000000,00000000,00000000), ref: 02BFA4F8
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393763141.0000000002BFA000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BFA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bfa000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 1f25b4bc8580c9942d6c309ff48d42ba446a7c14c03e652c4d836bcf6a578d17
                      • Instruction ID: 9685f640a1dc031a6859824894d0396e671ed6ba62868b93852355fd4687ee5d
                      • Opcode Fuzzy Hash: 1f25b4bc8580c9942d6c309ff48d42ba446a7c14c03e652c4d836bcf6a578d17
                      • Instruction Fuzzy Hash: 5B11AF76500704AFE730CE15DD45BA7BBE8EF04614F0884AAEE499A742D374E508CAB1
                      Function 054F0310 Relevance: .2, Instructions: 190COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 93 54f0310-54f0334 96 54f033e-54f0346 93->96 97 54f0336-54f0338 93->97 98 54f034e-54f0366 96->98 99 54f0348-54f034d 96->99 97->96 101 54f036a-54f0391 98->101 102 54f0368-54f0369 98->102 104 54f03d8-54f0418 101->104 105 54f0393-54f03ce 101->105 102->101 112 54f041f-54f0434 104->112 113 54f041a 104->113 105->104 115 54f046b-54f0523 112->115 116 54f0436-54f0460 112->116 113->112 135 54f0525-54f0569 115->135 136 54f0570-54f0587 115->136 116->115 135->136 137 54f058d-54f05bf 136->137 138 54f0880 136->138 137->138
                      Memory Dump Source
                      • Source File: 00000009.00000002.2398106188.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_54f0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c4c177946be10f6f3f32c5c12c2f4da307e7f93eb63a52305fd20d3f3d4e1e16
                      • Instruction ID: c934969e3feb41ce12ce76d4a3ec51f6d4bb7c2361305def93517f1aea9095ac
                      • Opcode Fuzzy Hash: c4c177946be10f6f3f32c5c12c2f4da307e7f93eb63a52305fd20d3f3d4e1e16
                      • Instruction Fuzzy Hash: 46513230B402008FC718EB7DA455ABE77DBABC420475484AAE506CB7E4DF7DCC8687A2
                      Function 054F03BD Relevance: .1, Instructions: 135COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 149 54f03bd-54f0418 157 54f041f-54f0434 149->157 158 54f041a 149->158 160 54f046b-54f0523 157->160 161 54f0436-54f0460 157->161 158->157 180 54f0525-54f0569 160->180 181 54f0570-54f0587 160->181 161->160 180->181 182 54f058d-54f05bf 181->182 183 54f0880 181->183 182->183
                      Memory Dump Source
                      • Source File: 00000009.00000002.2398106188.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_54f0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4d99f3a63bd0de98049d10b45e7cba7b45fa74140d61c6101c3bddc2e6847ed6
                      • Instruction ID: 83edd456990e31562eaaa836d99ca73e149dccae94b4bcf7da6b97a224d0e6d3
                      • Opcode Fuzzy Hash: 4d99f3a63bd0de98049d10b45e7cba7b45fa74140d61c6101c3bddc2e6847ed6
                      • Instruction Fuzzy Hash: D1414431F401104FDB18A77DA4556BE32DB9FC424875484AED406CBBE4DF6D8C4687A2
                      Function 054F0080 Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 194 54f0080-54f00ad 197 54f00b8-54f02f9 194->197
                      Memory Dump Source
                      • Source File: 00000009.00000002.2398106188.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_54f0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d208df671c390ba470a46ca80c4c37efefa641a1c472ee30117cbe58c4d9ca30
                      • Instruction ID: d1f0751e547cd48c85f2e415b0ad1f54eb66947081b2e01fdc657f9115a29ead
                      • Opcode Fuzzy Hash: d208df671c390ba470a46ca80c4c37efefa641a1c472ee30117cbe58c4d9ca30
                      • Instruction Fuzzy Hash: 5B516230F07246CFC718DB3DF589D5977A3EB90249380C8A9D4448B669DB7C5C59CBA1
                      Function 054F0006 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 235 54f0006-54f0062 237 54f0066-54f006b 235->237 238 54f0064 235->238 240 54f0070 call 54f03bd 237->240 241 54f0070 call 2c01047 237->241 242 54f0070 call 54f0301 237->242 243 54f0070 call 2c0106e 237->243 244 54f0070 call 54f0310 237->244 238->237 239 54f0076 240->239 241->239 242->239 243->239 244->239
                      Memory Dump Source
                      • Source File: 00000009.00000002.2398106188.00000000054F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 054F0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_54f0000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 565b3eebd468a63510af15bf2411dd9430131e2e4850d183fc39220ae3aed596
                      • Instruction ID: 9dc72788eaa6a24f1c05477b7c50f1f5da2bedecc56cbfc6c364ebe3bd921219
                      • Opcode Fuzzy Hash: 565b3eebd468a63510af15bf2411dd9430131e2e4850d183fc39220ae3aed596
                      • Instruction Fuzzy Hash: 7B01ABA688EBC55FD7034368AC76A963F70AE9325470F44D3D084CF9A3E108499AD372
                      Function 02C01047 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 245 2c01047-2c01088 247 2c0108e-2c010ab 245->247
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393805782.0000000002C01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2c01000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4a788050ddde672e9d33e3179fc158833a415f200ed3e29bc73a3018cd944ff8
                      • Instruction ID: c4b5a0cdd2492972047d40af500602707557c3d34f243fa0dbd43e7201a1cfa5
                      • Opcode Fuzzy Hash: 4a788050ddde672e9d33e3179fc158833a415f200ed3e29bc73a3018cd944ff8
                      • Instruction Fuzzy Hash: 6B01DBB65097805FD7128B15EC40862FFF8DF86230709C4EFEC49CB652D265A908CB71
                      Function 02C0106E Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 248 2c0106e-2c01088 249 2c0108e-2c010ab 248->249
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393805782.0000000002C01000.00000040.00000020.00020000.00000000.sdmp, Offset: 02C01000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2c01000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db1baed0fdd84aeee407ff9773a6b994f593355f297782319d1304a5dbde6ee9
                      • Instruction ID: 417faec194da5cb53af2e783dfba9029c2b929e6c0bbc12fc3997e6d2fa40ce6
                      • Opcode Fuzzy Hash: db1baed0fdd84aeee407ff9773a6b994f593355f297782319d1304a5dbde6ee9
                      • Instruction Fuzzy Hash: 24E092BA6046004B9750CF0BFD41452F7D8EB84630708C47FDC0D8B701E275B508CAE5
                      Function 02BF23F4 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 250 2bf23f4-2bf23ff 251 2bf2412-2bf2417 250->251 252 2bf2401-2bf240e 250->252 253 2bf241a 251->253 254 2bf2419 251->254 252->251 255 2bf2420-2bf2421 253->255
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393752824.0000000002BF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bf2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4dea4d246145f15e41013694e1ced564073b6d2e5b7118cb3c1574ea337fa91f
                      • Instruction ID: 25728879c6f6a6151d36e56f1a13ac6c2aaa90aeb2032a90aa710a0b201b9d19
                      • Opcode Fuzzy Hash: 4dea4d246145f15e41013694e1ced564073b6d2e5b7118cb3c1574ea337fa91f
                      • Instruction Fuzzy Hash: 79D02E392006C04FD3238B0CC2A5B8937D4AB40708F0A04FAAC00CF763C7A8D484C210
                      Function 02BF23BC Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 256 2bf23bc-2bf23c3 257 2bf23d6-2bf23db 256->257 258 2bf23c5-2bf23d2 256->258 259 2bf23dd-2bf23e0 257->259 260 2bf23e1 257->260 258->257 261 2bf23e7-2bf23e8 260->261
                      Memory Dump Source
                      • Source File: 00000009.00000002.2393752824.0000000002BF2000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BF2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_9_2_2bf2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e3e02f9a4ef2ae3e792231b800e708955477b2294f3108878d3b9d069122ca20
                      • Instruction ID: 895e9383bb571f6f2b71daa2f1665f20a7499a4c52c4d52b290dcdd1051aa1ed
                      • Opcode Fuzzy Hash: e3e02f9a4ef2ae3e792231b800e708955477b2294f3108878d3b9d069122ca20
                      • Instruction Fuzzy Hash: 49D05E742006814FC725DA0CC2D4F5937D4AB40718F0684E8AC108B762C7B9D8C8DA00

                      Execution Graph

                      Execution Coverage:8.2%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:19
                      Total number of Limit Nodes:1
                      execution_graph 683 18ba74e 684 18ba77a CloseHandle 683->684 686 18ba7b9 683->686 685 18ba788 684->685 686->684 699 18ba612 700 18ba646 CreateMutexW 699->700 702 18ba6c1 700->702 707 18ba462 709 18ba486 RegSetValueExW 707->709 710 18ba507 709->710 711 18ba361 712 18ba392 RegQueryValueExW 711->712 714 18ba41b 712->714 703 18ba710 705 18ba74e CloseHandle 703->705 706 18ba788 705->706 695 18ba646 696 18ba67e CreateMutexW 695->696 698 18ba6c1 696->698

                      Callgraph

                      Executed Functions

                      Function 018BA612 Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 18ba612-18ba695 4 18ba69a-18ba6a3 0->4 5 18ba697 0->5 6 18ba6a8-18ba6b1 4->6 7 18ba6a5 4->7 5->4 8 18ba6b3-18ba6d7 CreateMutexW 6->8 9 18ba702-18ba707 6->9 7->6 12 18ba709-18ba70e 8->12 13 18ba6d9-18ba6ff 8->13 9->8 12->13
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 018BA6B9
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: f8b9b4a7dbe7ddc7566d2102a13a94f421924bf0dcc8eaeddef50325331f35b2
                      • Instruction ID: 5cb55e52c35dab6963bdf134eb6486821a5a070eae127266d5e98a48e5559329
                      • Opcode Fuzzy Hash: f8b9b4a7dbe7ddc7566d2102a13a94f421924bf0dcc8eaeddef50325331f35b2
                      • Instruction Fuzzy Hash: 433193B15093805FE722CB25DD85B96BFF8EF06314F0884AAE984CB293D375E909C761
                      Function 018BA361 Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 16 18ba361-18ba3cf 19 18ba3d1 16->19 20 18ba3d4-18ba3dd 16->20 19->20 21 18ba3df 20->21 22 18ba3e2-18ba3e8 20->22 21->22 23 18ba3ea 22->23 24 18ba3ed-18ba404 22->24 23->24 26 18ba43b-18ba440 24->26 27 18ba406-18ba419 RegQueryValueExW 24->27 26->27 28 18ba41b-18ba438 27->28 29 18ba442-18ba447 27->29 29->28
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,AD6F428B,00000000,00000000,00000000,00000000), ref: 018BA40C
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: 57155da5bb35d3bb3923ea16781e0569972d40ff0ee2d6f75c6a01c5ab73b2c9
                      • Instruction ID: 107a6eb30aa15e4d72f76d41fbfa0af14df4456495d97be8c3efbd4c5d1d33ed
                      • Opcode Fuzzy Hash: 57155da5bb35d3bb3923ea16781e0569972d40ff0ee2d6f75c6a01c5ab73b2c9
                      • Instruction Fuzzy Hash: B2317F75505740AFE722CB15CC84BA2BBF8EF06710F08849AE945DB292D364E909CB61
                      Function 018BA462 Relevance: 1.6, APIs: 1, Instructions: 77registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 33 18ba462-18ba4c3 36 18ba4c8-18ba4d4 33->36 37 18ba4c5 33->37 38 18ba4d9-18ba4f0 36->38 39 18ba4d6 36->39 37->36 41 18ba4f2-18ba505 RegSetValueExW 38->41 42 18ba527-18ba52c 38->42 39->38 43 18ba52e-18ba533 41->43 44 18ba507-18ba524 41->44 42->41 43->44
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,AD6F428B,00000000,00000000,00000000,00000000), ref: 018BA4F8
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: e6e75490cb99eafb29e2140b28cc0ed8387f60147cbd50c1790484c372250d75
                      • Instruction ID: 5dbe21d43b2860ff1991558a4115500c19b8fab846f28378ed3ba072c48f86ca
                      • Opcode Fuzzy Hash: e6e75490cb99eafb29e2140b28cc0ed8387f60147cbd50c1790484c372250d75
                      • Instruction Fuzzy Hash: 52218E725043806FE7228F55DD84FA7BFB8EF46220F08849AE985DB652D374E948CB71
                      Function 018BA646 Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 48 18ba646-18ba695 51 18ba69a-18ba6a3 48->51 52 18ba697 48->52 53 18ba6a8-18ba6b1 51->53 54 18ba6a5 51->54 52->51 55 18ba6b3-18ba6bb CreateMutexW 53->55 56 18ba702-18ba707 53->56 54->53 57 18ba6c1-18ba6d7 55->57 56->55 59 18ba709-18ba70e 57->59 60 18ba6d9-18ba6ff 57->60 59->60
                      APIs
                      • CreateMutexW.KERNELBASE(?,?), ref: 018BA6B9
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: CreateMutex
                      • String ID:
                      • API String ID: 1964310414-0
                      • Opcode ID: 31e55667113a27e22852a30ffc5a3777c39beaeba339647e3c6a11103ab2c45d
                      • Instruction ID: 94486f304622695cd5deb3e457a6aa4176c73e9b224d57bb8db6d4e8b1199afb
                      • Opcode Fuzzy Hash: 31e55667113a27e22852a30ffc5a3777c39beaeba339647e3c6a11103ab2c45d
                      • Instruction Fuzzy Hash: 0821C2B16042049FE720CF29DD85BA6FBE8EF45324F04886AE945CB742D775E508CA71
                      Function 018BA392 Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 63 18ba392-18ba3cf 65 18ba3d1 63->65 66 18ba3d4-18ba3dd 63->66 65->66 67 18ba3df 66->67 68 18ba3e2-18ba3e8 66->68 67->68 69 18ba3ea 68->69 70 18ba3ed-18ba404 68->70 69->70 72 18ba43b-18ba440 70->72 73 18ba406-18ba419 RegQueryValueExW 70->73 72->73 74 18ba41b-18ba438 73->74 75 18ba442-18ba447 73->75 75->74
                      APIs
                      • RegQueryValueExW.KERNELBASE(?,00000E24,AD6F428B,00000000,00000000,00000000,00000000), ref: 018BA40C
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: QueryValue
                      • String ID:
                      • API String ID: 3660427363-0
                      • Opcode ID: c1f648cf832f3f623d1cdeb88586cd001e1a1942dc3feff00506ee61fcaa9ca9
                      • Instruction ID: 67a3c3e38265226f034ef4506916ded271c005275dac79537fb20c07697377e1
                      • Opcode Fuzzy Hash: c1f648cf832f3f623d1cdeb88586cd001e1a1942dc3feff00506ee61fcaa9ca9
                      • Instruction Fuzzy Hash: EA216D756006049EE731CE19CDC4FA6BBECEF08714F04846AE945DB751D7B4E909CAB1
                      Function 018BA486 Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 79 18ba486-18ba4c3 81 18ba4c8-18ba4d4 79->81 82 18ba4c5 79->82 83 18ba4d9-18ba4f0 81->83 84 18ba4d6 81->84 82->81 86 18ba4f2-18ba505 RegSetValueExW 83->86 87 18ba527-18ba52c 83->87 84->83 88 18ba52e-18ba533 86->88 89 18ba507-18ba524 86->89 87->86 88->89
                      APIs
                      • RegSetValueExW.KERNELBASE(?,00000E24,AD6F428B,00000000,00000000,00000000,00000000), ref: 018BA4F8
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: Value
                      • String ID:
                      • API String ID: 3702945584-0
                      • Opcode ID: 9d9b63aaa308dd40dc018cca1d2496e0c64d4e517dd83ecd2dfad356e1f997fd
                      • Instruction ID: 78c107db7fc03a5e602158c71b2d9ad4205837d455fc843cdc1cb329d2f425df
                      • Opcode Fuzzy Hash: 9d9b63aaa308dd40dc018cca1d2496e0c64d4e517dd83ecd2dfad356e1f997fd
                      • Instruction Fuzzy Hash: FD11AF72500704AFE731CE59CD85BAABBECEF04714F04846AE945DB752D374EA088AB1
                      Function 018BA710 Relevance: 1.3, APIs: 1, Instructions: 69COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 93 18ba710-18ba778 95 18ba77a-18ba79a CloseHandle 93->95 96 18ba7b9-18ba7be 93->96 99 18ba79c-18ba7b8 95->99 100 18ba7c0-18ba7c5 95->100 96->95 100->99
                      APIs
                      • CloseHandle.KERNELBASE(?), ref: 018BA780
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: d2da5d91cf171973cabe3bb4a5d9d8f582511363befd78d58f12f74cf7ca65b6
                      • Instruction ID: 3a233b04fe8e0d459d804690b4f37193fc1567997cd1d3a26c709be695d41e83
                      • Opcode Fuzzy Hash: d2da5d91cf171973cabe3bb4a5d9d8f582511363befd78d58f12f74cf7ca65b6
                      • Instruction Fuzzy Hash: BD21D1B55083809FD7028F25DC85751BFB8EF02324F0984EBDC858B293D235A909CB62
                      Function 018BA74E Relevance: 1.3, APIs: 1, Instructions: 43COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 102 18ba74e-18ba778 103 18ba77a-18ba782 CloseHandle 102->103 104 18ba7b9-18ba7be 102->104 105 18ba788-18ba79a 103->105 104->103 107 18ba79c-18ba7b8 105->107 108 18ba7c0-18ba7c5 105->108 108->107
                      APIs
                      • CloseHandle.KERNELBASE(?), ref: 018BA780
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486271881.00000000018BA000.00000040.00000800.00020000.00000000.sdmp, Offset: 018BA000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18ba000_svchost.jbxd
                      Similarity
                      • API ID: CloseHandle
                      • String ID:
                      • API String ID: 2962429428-0
                      • Opcode ID: a1a2b1330cada067e20caf27d2a8120810f565cadf0ec039ae30563454d271e5
                      • Instruction ID: 88c798e4f0aabb99ef25ea29e1cc1fcda98148f19bb6b6afb0fbf29d9e5d6408
                      • Opcode Fuzzy Hash: a1a2b1330cada067e20caf27d2a8120810f565cadf0ec039ae30563454d271e5
                      • Instruction Fuzzy Hash: 30019A716082049FDB10CF29D9847A6BBA4EF04324F08C4AADC4A8B742D279A5188AA2
                      Function 05B50310 Relevance: .2, Instructions: 194COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 110 5b50310-5b50334 112 5b50336-5b50338 110->112 113 5b5033e-5b50346 110->113 112->113 114 5b5034e-5b5035c 113->114 115 5b50348-5b5034d 113->115 117 5b50362-5b50391 114->117 118 5b5035e-5b50360 114->118 120 5b50393-5b503bb 117->120 121 5b503d8-5b503ff 117->121 118->117 126 5b503ce 120->126 127 5b5040a-5b50418 121->127 126->121 128 5b5041f-5b50434 127->128 129 5b5041a 127->129 131 5b50436-5b50460 128->131 132 5b5046b-5b50523 128->132 129->128 131->132 151 5b50525-5b50569 132->151 152 5b50570-5b50587 132->152 151->152 153 5b50880 152->153 154 5b5058d-5b505bf 152->154 154->153
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486900340.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_5b50000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b96cddbcc8154e0462ddcbb04d53d4493050bd4a843ddfae6c7ef43383d2866f
                      • Instruction ID: 2dd16382bebf58890d853eeb80ebe8d2d40bf824a3a8e9deb45b0e2efb4ea6fe
                      • Opcode Fuzzy Hash: b96cddbcc8154e0462ddcbb04d53d4493050bd4a843ddfae6c7ef43383d2866f
                      • Instruction Fuzzy Hash: AB51EE317042048FD728EB3994146AE37E7ABD5344B548469E806CB3E4DF3ADD4787A2
                      Function 05B503BD Relevance: .1, Instructions: 135COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 165 5b503bd-5b50418 173 5b5041f-5b50434 165->173 174 5b5041a 165->174 176 5b50436-5b50460 173->176 177 5b5046b-5b50523 173->177 174->173 176->177 196 5b50525-5b50569 177->196 197 5b50570-5b50587 177->197 196->197 198 5b50880 197->198 199 5b5058d-5b505bf 197->199 199->198
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486900340.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_5b50000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: de7b58a60431944eb519bc070fe5032312cb4074deff51e489610d48ac3560e1
                      • Instruction ID: ce8ff781103e3e168b81a951f64585ad643809cb22392693661731df64bc7db4
                      • Opcode Fuzzy Hash: de7b58a60431944eb519bc070fe5032312cb4074deff51e489610d48ac3560e1
                      • Instruction Fuzzy Hash: 1F410031B001158BCB28AB7D90146BD32D7AFD5248754846EE802DB3E0EF3E9E0787A2
                      Function 05B50080 Relevance: .1, Instructions: 130COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 210 5b50080-5b500ad 213 5b500b8-5b502f9 210->213
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486900340.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_5b50000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 45512396fd97e8337b7427969cfffbef84bd8030cfc3b6013578e9af86111842
                      • Instruction ID: 5de8b960c4cad683a3bb6c6c87af0ae8273b9668ff662312343b7032104931f3
                      • Opcode Fuzzy Hash: 45512396fd97e8337b7427969cfffbef84bd8030cfc3b6013578e9af86111842
                      • Instruction Fuzzy Hash: 1E5102392052458BC724DB38E545A8D77F2FFE1288340C96DE4048B7A9EB3D5D4BCBA1
                      Function 05B50006 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 251 5b50006-5b50076
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486900340.0000000005B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_5b50000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 552c7f69db25a61b2d1eed2c2bb7329bde1ed680e56957708dc7a8e9f170b647
                      • Instruction ID: 57a19a39a3498a8c8c807a53f2282ff606b00a9cf08819e9f9e9d7fede1d0eb1
                      • Opcode Fuzzy Hash: 552c7f69db25a61b2d1eed2c2bb7329bde1ed680e56957708dc7a8e9f170b647
                      • Instruction Fuzzy Hash: 350145A284E7C08FD7134B709861A913F75AF23268B5B11DBD4C1CF5B3E16D1A0AC762
                      Function 0340104C Relevance: .0, Instructions: 43COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 252 340104c-340106b 253 340106e-3401088 252->253 254 340108e-34010ab 253->254
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486651440.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a6221f8ec38da9c8be53761a466ede2d56184d03e6a808c5bdfb2117a5b43c63
                      • Instruction ID: d3727c5d5b8adcbd92db42ce13d97b35c470e6a1644e5efae87934fba4ba861c
                      • Opcode Fuzzy Hash: a6221f8ec38da9c8be53761a466ede2d56184d03e6a808c5bdfb2117a5b43c63
                      • Instruction Fuzzy Hash: 3B01A9B55497805FC7528F15AC40853BFF8EF8623070984BBEC49CB612D165B919CB71
                      Function 0340106E Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 255 340106e-3401088 256 340108e-34010ab 255->256
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486651440.0000000003401000.00000040.00000020.00020000.00000000.sdmp, Offset: 03401000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_3401000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f9992064018e841a80f8019948f15dc1121241b8b0e720e3cca0e0fb494b7a28
                      • Instruction ID: 9652270ff4c8444782779f2db67a3e149ed422e6a0c7342b9f412af82d225b05
                      • Opcode Fuzzy Hash: f9992064018e841a80f8019948f15dc1121241b8b0e720e3cca0e0fb494b7a28
                      • Instruction Fuzzy Hash: 6FE092BA6046004B9650CF0AEC41466F7D8EB88630708C47FDC0D8BB01E275B508CAA5
                      Function 018B23F4 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 257 18b23f4-18b23ff 258 18b2412-18b2417 257->258 259 18b2401-18b240e 257->259 260 18b241a 258->260 261 18b2419 258->261 259->258 262 18b2420-18b2421 260->262
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486247295.00000000018B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18b2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f0c7a271c5b568a5f0d918cf7beb6ae6eadff81ffc61d2dbd7dc47003d4891ae
                      • Instruction ID: 5766b01061e9f1267ce7989f07f82877db1a0db7f691d309ba205da92b1e1d25
                      • Opcode Fuzzy Hash: f0c7a271c5b568a5f0d918cf7beb6ae6eadff81ffc61d2dbd7dc47003d4891ae
                      • Instruction Fuzzy Hash: 63D0C7392006804EE322CA0CC2E4BCA3BA4AB40708F0A04B9A800CBB62C728E680C200
                      Function 018B23BC Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.2486247295.00000000018B2000.00000040.00000800.00020000.00000000.sdmp, Offset: 018B2000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_18b2000_svchost.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c4f76c8af11c7a1ba073140ca23e8c9d68cdb7d49b8fec1ca5420bdf48291de
                      • Instruction ID: a246cdc7a7bc6943139e027ee66003db228e907f2e6727dff608b8e827d0d83b
                      • Opcode Fuzzy Hash: 9c4f76c8af11c7a1ba073140ca23e8c9d68cdb7d49b8fec1ca5420bdf48291de
                      • Instruction Fuzzy Hash: 7ED05E342012814BD725DA0CC2D4F993BD5AB48714F0644E8AC10CB772C7A9E9C0DA10