Windows Analysis Report
#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe

Overview

General Information

Sample name: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
renamed because original name is a hash value
Original sample name: 11.12.2024.exe
Analysis ID: 1576072
MD5: 1edaba9f8d91ad001893722fe5c3ec3b
SHA1: 1bc10e6c9ba39c6dcce671e83479db4c22c3d00a
SHA256: 717a77357b194172da9212b29de15aa4405c3503dedddc2457dc97e196aedb93
Tags: exe, user-adrian__luca
Infos:

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected RedLine Stealer
.NET source code contains potential unpacker
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
RedLine Stealer | RedLine Stealer is a malware available on underground forums for sale apparently as a standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": ["87.120.120.86:1912"], "Bot Id": "LOGS", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security |
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
4.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-16T14:08:11.440191+0100 | 2043234 | 1 | A Network Trojan was detected | 87.120.120.86 | 1912 | 192.168.2.11 | 49709 | TCP
2024-12-16T14:08:10.983002+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP
2024-12-16T14:08:16.488182+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP
2024-12-16T14:08:20.426775+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP
2024-12-16T14:08:20.868039+0100 | 2043231 | 1 | A Network Trojan was detected | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP
2024-12-16T14:08:16.883722+0100 | 2046056 | 1 | A Network Trojan was detected | 87.120.120.86 | 1912 | 192.168.2.11 | 49709 | TCP
2024-12-16T14:08:10.983002+0100 | 2046045 | 1 | A Network Trojan was detected | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP

                      AV Detection

Source: 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": ["87.120.120.86:1912"], "Bot Id": "LOGS", "Authorization Header": "c74790bd166600f1f665c8ce201776eb"}
Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | ReversingLabs: Detection: 68%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Joe Sandbox ML: detected
Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Code function: 4x nop then jmp 08192453h | 4_2_08192220
Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Code function: 4x nop then jmp 08190D0Dh | 4_2_08190CEC
Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | Code function: 4x nop then jmp 08194671h | 4_2_08194659

                      Networking

Source: Network traffic | Suricata IDS: 2043231 - Severity 1 - ET MALWARE Redline Stealer TCP CnC Activity : 192.168.2.11:49709 -> 87.120.120.86:1912
Source: Network traffic | Suricata IDS: 2046045 - Severity 1 - ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) : 192.168.2.11:49709 -> 87.120.120.86:1912
Source: Network traffic | Suricata IDS: 2043234 - Severity 1 - ET MALWARE Redline Stealer TCP CnC - Id1Response : 87.120.120.86:1912 -> 192.168.2.11:49709
Source: Network traffic | Suricata IDS: 2046056 - Severity 1 - ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) : 87.120.120.86:1912 -> 192.168.2.11:49709
Source: Malware configuration extractor | URLs: 87.120.120.86:1912
Source: global traffic | TCP traffic: 192.168.2.11:49709 -> 87.120.120.86:1912
Source: Joe Sandbox View | ASN Name: UNACS-AS-BG8000BurgasBG UNACS-AS-BG8000BurgasBG
Source: unknown | TCP traffic detected without corresponding DNS query: 87.120.120.86
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id10Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id11Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id12Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id13Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id14Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id15Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id16Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id17Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id18Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id19Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id1ResponseD
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id20Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id21Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id22Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.000000000324A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id23ResponseD
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id24Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id2ResponseD
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.000000000324A000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.000000000324A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id3ResponseD
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id4Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id5Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id6Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id7Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id8Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Entity/Id9Response
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.00000000043D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1324251884.0000000006E50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000000.1299466133.00000000006EE000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameDahv.exe4 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.00000000047EB000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSteanings.exe8 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSteanings.exe8 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1325422670.000000000A3C0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMontero.dll8 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameArthur.dll" vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1470193472.0000000000446000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilenameSteanings.exe8 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Binary or memory string: OriginalFilenameDahv.exe4 vs #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.46226c8.1.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: _0020.SetAccessControl
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.46226c8.1.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.46226c8.1.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: _0020.AddAccessRule
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.46226c8.1.raw.unpack, Tcg4fD9EiyEb1mLOcm.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.a3c0000.3.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: _0020.SetAccessControl
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.a3c0000.3.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.a3c0000.3.raw.unpack, dDW1LF02XoC9q5fjGG.cs Security API names: _0020.AddAccessRule
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.a3c0000.3.raw.unpack, Tcg4fD9EiyEb1mLOcm.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                      Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/1@0/1
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.log
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Mutant created: NULL
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe ReversingLabs: Detection: 68%
                      Source: unknown Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: apphelp.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: version.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: msasn1.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: gpapi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: iconcodecservice.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: mscoree.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: kernel.appcore.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: version.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: uxtheme.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: windows.storage.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: wldp.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: profapi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: cryptsp.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: rsaenh.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: cryptbase.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: dwrite.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: msvcp140_clr0400.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: mswsock.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: secur32.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: sspicli.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: wbemcomn.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: amsi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: userenv.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: windowscodecs.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: dpapi.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: rstrtmgr.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: ncrypt.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Section loaded: ntasn1.dll
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: Window Recorder Window detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.a3c0000.3.raw.unpack, dDW1LF02XoC9q5fjGG.cs .Net Code: sDFyT6Umb3 System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.46226c8.1.raw.unpack, dDW1LF02XoC9q5fjGG.cs .Net Code: sDFyT6Umb3 System.Reflection.Assembly.Load(byte[])
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_055642F8 push eax; iretd 0_2_05564321
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06BBCEC3 pushfd ; iretd 0_2_06BBCEC9
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06BB6E38 push ss; iretd 0_2_06BB6E3A
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06BBCCFB pushad ; iretw 0_2_06BBCCFD
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06BBCAA8 pushad ; iretd 0_2_06BBCAA9
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06C6D047 push es; retf 0_2_06C6D048
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06C6D04B push CC06C6CCh; retf 0_2_06C6D051
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 0_2_06C6E05B pushfd ; ret 0_2_06C6E061
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 4_2_0565AA61 push 00000005h; ret 4_2_0565AA70
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Code function: 4_2_0565D442 push eax; ret 4_2_0565D451
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe Static PE information: section name: .text entropy: 7.7292642453168146
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7300, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: D00000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 2B60000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 29B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 7880000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 8880000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 8A30000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 9A30000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: A450000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: B450000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: C450000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 2EE0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 3110000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Memory allocated: 2F60000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Window / User API: threadDelayed 892
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, Window / User API: threadDelayed 3731
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe TID: 7320, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe TID: 7752, Thread sleep time: -14757395258967632s >= -30000s
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe TID: 7500, Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: tasks.office.comVMware20,11696503903o
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: www.interactivebrokers.comVMware20,11696503903}
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Canara Transaction PasswordVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - HKVMware20,11696503903]
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: account.microsoft.com/profileVMware20,11696503903u
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.0000000004245000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: AMC password management pageVMware20
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: www.interactivebrokers.comVMware20,11696503903}
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: turbotax.intuit.comVMware20,11696503903t
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696503903z
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - EU WestVMware20,11696503903n
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: outlook.office.comVMware20,11696503903s
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696503903p
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: www.interactivebrokers.co.inVMware20,11696503903~
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: ms.portal.azure.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: netportal.hdfcbank.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: interactivebrokers.co.inVMware20,11696503903d
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: tasks.office.comVMware20,11696503903o
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: dev.azure.comVMware20,11696503903j
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: discord.comVMware20,11696503903f
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: turbotax.intuit.comVMware20,11696503903t
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: outlook.office365.comVMware20,11696503903t
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: outlook.office.comVMware20,11696503903s
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696503903f
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696503903h
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696503903u
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696503903|UE
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903^
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1470697223.0000000001423000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696503903]
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903x
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696503903d
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696503903t
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1480775618.000000000427A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696503903
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696503903j
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696503903}
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000034F0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696503903
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Memory written: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Process created: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe "C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7300, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7476, type: MEMORYSTR
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Electrum\walletsLR_q
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $_q1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.000000000328E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cjelfplplebdjjenllpjcblmjkfcffne|JaxxxLiberty
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1490273140.00000000065B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json*f'$
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR_q
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1490273140.00000000065B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\*.json*f'$
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $_q%appdata%`,_qdC:\Users\user\AppData\Roaming`,_qdC:\Users\user\AppData\Roaming\Binance
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum\walletsLR_q
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $_q&%localappdata%\Coinomi\Coinomi\walletsLR_q,A
                      Source: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: $_q5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\cookies.sqlite
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\atomic\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Binance\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\Cache\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\db\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Exodus\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\Guarda\
                      Source: C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe - File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\
                      Source: Yara matchFile source: 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7476, type: MEMORYSTR

                      Remote Access Functionality

                      Source: Yara matchFile source: dump.pcap, type: PCAP
                      Source: Yara matchFile source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.478c128.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7300, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe PID: 7476, type: MEMORYSTR
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 221 Windows Management Instrumentation | 1 DLL Side-Loading | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 221 Security Software Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 241 Virtualization/Sandbox Evasion | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 113 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 12 Software Packing | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Source | Detection | Scanner | Label | Link
                      #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | 68% | ReversingLabs | ByteCode-MSIL.Trojan.Leonem |
                      #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
                      No contacted domains info
                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sct | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://duckduckgo.com/chrome_newtab | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      https://duckduckgo.com/ac/?q= | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://tempuri.org/Entity/Id23ResponseD | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.000000000324A000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://tempuri.org/Entity/Id12Response | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmp | false | | high
                      http://tempuri.org/ | #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                        http://tempuri.org/Entity/Id2Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                            high
                                            http://tempuri.org/Entity/Id21Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                http://tempuri.org/Entity/Id9#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  high
                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    http://tempuri.org/Entity/Id8#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://tempuri.org/Entity/Id5#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://tempuri.org/Entity/Id4#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            high
                                                            http://tempuri.org/Entity/Id7#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://purl.oen#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1470599338.00000000012BE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                high
                                                                http://tempuri.org/Entity/Id6#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  high
                                                                  http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://tempuri.org/Entity/Id19Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/fault#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://schemas.xmlsoap.org/ws/2004/10/wsat#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    http://tempuri.org/Entity/Id15Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://tempuri.org/Entity/Id6Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://api.ip.sb/ip#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://schemas.xmlsoap.org/ws/2004/04/sc#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://tempuri.org/Entity/Id1ResponseD#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tempuri.org/Entity/Id9Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://tempuri.org/Entity/Id20#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://tempuri.org/Entity/Id21#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://tempuri.org/Entity/Id22#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      http://tempuri.org/Entity/Id23#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://tempuri.org/Entity/Id24#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://tempuri.org/Entity/Id24Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://www.ecosia.org/newtab/#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://tempuri.org/Entity/Id1Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/08/addressing#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/04/trust#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://tempuri.org/Entity/Id10#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/Entity/Id11#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://tempuri.org/Entity/Id12#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://tempuri.org/Entity/Id16Response#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://tempuri.org/Entity/Id13#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://tempuri.org/Entity/Id14#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://tempuri.org/Entity/Id15#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://tempuri.org/Entity/Id16#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.0000000003111000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe, 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmpfalse
IP | Domain | Country | ASN | ASN Name | Malicious
87.120.120.86 | unknown | Bulgaria | 25206 | UNACS-AS-BG8000BurgasBG | true
                                                                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                              Analysis ID:1576072
                                                                                                                                                                                                                              Start date and time:2024-12-16 14:07:08 +01:00
                                                                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                              Overall analysis duration:0h 5m 35s
                                                                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                              Report type:full
                                                                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                              Number of analysed new started processes analysed:9
                                                                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                                                                              Technologies:
                                                                                                                                                                                                                              • HCA enabled
                                                                                                                                                                                                                              • EGA enabled
                                                                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                                                                              Sample name:#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                              renamed because original name is a hash value
                                                                                                                                                                                                                              Original Sample Name: 11.12.2024.exe
                                                                                                                                                                                                                              Detection:MAL
                                                                                                                                                                                                                              Classification:mal100.troj.spyw.evad.winEXE@5/1@0/1
                                                                                                                                                                                                                              EGA Information:
                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                              HCA Information:
                                                                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                                                                              • Number of executed functions: 72
                                                                                                                                                                                                                              • Number of non-executed functions: 33
                                                                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 13.107.246.63, 23.218.208.109, 4.175.87.197
                                                                                                                                                                                                                              • Excluded domains from analysis (whitelisted): fs.microsoft.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                              • VT rate limit hit for: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
Time | Type | Description
08:08:02 | API Interceptor | 27x Sleep call for process: #U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
87.120.120.86 | po4877383.exe | malicious | RedLine
                                                                                                                                                                                                                                No context
Match | Associated Sample Name / URL | Detection | Threat Name | Context
UNACS-AS-BG8000BurgasBG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VenomRAT, Vidar | 87.120.127.228
UNACS-AS-BG8000BurgasBG | file.exe | malicious | ScreenConnect Tool, Amadey, LummaC Stealer, Vidar, XWorm, Xmrig | 87.120.127.228
UNACS-AS-BG8000BurgasBG | 9coH9ASP3h.exe | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | Estado.de.cuenta.xls | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | https://0388net.cc | malicious | Unknown | 87.120.125.144
UNACS-AS-BG8000BurgasBG | https://0388net.cc | malicious | Unknown | 87.120.125.144
UNACS-AS-BG8000BurgasBG | tqkdMdv2zO.doc | malicious | XenoRAT | 87.120.121.160
UNACS-AS-BG8000BurgasBG | file.exe | malicious | AveMaria, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | uRxH0oSpKL.exe | malicious | AveMaria, PrivateLoader, UACMe | 87.120.121.160
UNACS-AS-BG8000BurgasBG | Estado.de.cuenta.xls | malicious | AveMaria, UACMe | 87.120.121.160
                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                No context
                                                                                                                                                                                                                                Process:C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                Size (bytes):1216
                                                                                                                                                                                                                                Entropy (8bit):5.34331486778365
                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                                                                                                MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                                                                                                SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                                                                                                SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                                                                                                SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                Reputation:high, very likely benign file
                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                Entropy (8bit):7.719380943526991
                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                                • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                                File name:#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                                File size:901'120 bytes
                                                                                                                                                                                                                                MD5:1edaba9f8d91ad001893722fe5c3ec3b
                                                                                                                                                                                                                                SHA1:1bc10e6c9ba39c6dcce671e83479db4c22c3d00a
                                                                                                                                                                                                                                SHA256:717a77357b194172da9212b29de15aa4405c3503dedddc2457dc97e196aedb93
                                                                                                                                                                                                                                SHA512:4a050691f669fc3285da0dd8a01c7c2243cc969e84539e5df337860b5f07c34026708d4bc8bb6982abfcec5b5471f493c94b24b1e94af6a66af37c67181e9758
                                                                                                                                                                                                                                SSDEEP:24576:tMaciw+uNtabUA/F9bXtFRF+z84My9GrkiTVqgooDmMV:tRciw+uibUKZ9FRM8QsjD9V
                                                                                                                                                                                                                                TLSH:5815D0C03B3AB702DE6CB9348536EDBC62591E68B00478E3AEDD3B5776991139A0DF44
                                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?Yg..............0.................. ........@.. ....................... ............@................................
                                                                                                                                                                                                                                Icon Hash:32642092d4f29244
                                                                                                                                                                                                                                Entrypoint:0x4dc596
                                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                Time Stamp:0x67593F0B [Wed Dec 11 07:28:11 2024 UTC]
                                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                                                                                push ebx
                                                                                                                                                                                                                                add byte ptr [ecx+00h], bh
                                                                                                                                                                                                                                jnc 00007F59548DF702h
                                                                                                                                                                                                                                je 00007F59548DF702h
                                                                                                                                                                                                                                add byte ptr [ebp+00h], ch
                                                                                                                                                                                                                                add byte ptr [edx+00h], dl
                                                                                                                                                                                                                                add byte ptr [esi+00h], ah
                                                                                                                                                                                                                                insb
                                                                                                                                                                                                                                add byte ptr [ebp+00h], ah
                                                                                                                                                                                                                                arpl word ptr [eax], ax
                                                                                                                                                                                                                                je 00007F59548DF702h
                                                                                                                                                                                                                                imul eax, dword ptr [eax], 006E006Fh
                                                                                                                                                                                                                                add byte ptr [ecx+00h], al
                                                                                                                                                                                                                                jnc 00007F59548DF702h
                                                                                                                                                                                                                                jnc 00007F59548DF702h
                                                                                                                                                                                                                                add byte ptr [ebp+00h], ch
                                                                                                                                                                                                                                bound eax, dword ptr [eax]
                                                                                                                                                                                                                                insb
                                                                                                                                                                                                                                add byte ptr [ecx+00h], bh
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                dec esp
                                                                                                                                                                                                                                add byte ptr [edi+00h], ch
                                                                                                                                                                                                                                popad
                                                                                                                                                                                                                                add byte ptr [eax+eax+00h], ah
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                                add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xdc544 | 0x4f | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xde000 | 0x14a8 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe0000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xda5dc | 0xda600 | 492eb4b5ebc2e76862629f48e459ecce | False | 0.8871547653119634 | data | 7.7292642453168146 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0xde000 | 0x14a8 | 0x1600 | ab6fe1d307969a86c7e19393b4804928 | False | 0.36487926136363635 | data | 4.861695082225112 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xe0000 | 0xc | 0x200 | e89a7be98e0e2265070550f62c71d5b9 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

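| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0xde118 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.3726547842401501 |
| RT_GROUP_ICON | 0xdf1c0 | 0x14 | data | | | 1.1 |
| RT_GROUP_ICON | 0xdf1d4 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0xdf1e8 | 0x2be | data | | | 0.4672364672364672 |
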
| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-16T14:08:10.983002+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP |
| 2024-12-16T14:08:10.983002+0100 | 2046045 | ET MALWARE [ANY.RUN] RedLine Stealer/MetaStealer Family Related (MC-NMF Authorization) | 1 | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP |
| 2024-12-16T14:08:11.440191+0100 | 2043234 | ET MALWARE Redline Stealer TCP CnC - Id1Response | 1 | 87.120.120.86 | 1912 | 192.168.2.11 | 49709 | TCP |
| 2024-12-16T14:08:16.488182+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP |
| 2024-12-16T14:08:16.883722+0100 | 2046056 | ET MALWARE Redline Stealer/MetaStealer Family Activity (Response) | 1 | 87.120.120.86 | 1912 | 192.168.2.11 | 49709 | TCP |
| 2024-12-16T14:08:20.426775+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP |
| 2024-12-16T14:08:20.868039+0100 | 2043231 | ET MALWARE Redline Stealer TCP CnC Activity | 1 | 192.168.2.11 | 49709 | 87.120.120.86 | 1912 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223115921 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223154068 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223181963 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223239899 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223303080 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223330021 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223340988 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.223395109 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225789070 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225845098 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225872040 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225918055 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225923061 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.225961924 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227149010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227199078 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227216959 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227262974 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227356911 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227401972 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227435112 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227443933 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227485895 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227494955 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227588892 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227639914 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227674961 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.227726936 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228776932 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228787899 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228836060 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228856087 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228879929 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228899002 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228924036 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228946924 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228982925 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.228996992 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.229024887 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.229083061 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.229094982 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.229134083 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230421066 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230463028 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230469942 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230501890 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230530977 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230540991 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.230581045 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343372107 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343452930 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343601942 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343647957 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343666077 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343671083 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343683958 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343720913 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343734026 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343772888 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343781948 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343811035 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343858004 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343869925 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343904018 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343916893 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343955994 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.343996048 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344006062 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344043970 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344131947 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344149113 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344409943 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344459057 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344638109 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344690084 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.344969988 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345098019 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345207930 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345216990 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345762968 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345829010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345942020 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.345952034 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346065998 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346077919 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346254110 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346263885 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346328020 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.346951962 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347042084 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347171068 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347207069 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347332954 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347408056 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.347543001 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586075068 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586088896 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586112022 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586127043 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586183071 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586198092 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586286068 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586483002 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586499929 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586539984 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586627960 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586658955 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586767912 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586781979 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586937904 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.586951017 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587084055 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587100029 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587198973 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587219954 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587280035 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587321997 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587337971 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587399960 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587492943 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587516069 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587649107 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587693930 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587842941 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587857962 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587938070 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587950945 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587984085 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.587996960 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588109970 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588120937 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588320971 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588444948 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588534117 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588543892 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588660002 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588705063 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588855982 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.588866949 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.589355946 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.589411020 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.589849949 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.589942932 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592389107 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592422962 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592459917 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592482090 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592557907 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592719078 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592731953 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592753887 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.592832088 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593044043 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593055010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593082905 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593152046 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593209982 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593235016 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593389034 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593444109 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593472958 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593482971 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593518019 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593528032 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593631983 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593648911 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593904018 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593914986 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593926907 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.593941927 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594007969 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594180107 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594326019 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594427109 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594438076 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594517946 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594528913 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594635010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594661951 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594773054 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594824076 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594958067 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.594966888 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595149994 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595175982 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595308065 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595365047 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595473051 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595495939 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.595609903 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835120916 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835165977 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835268974 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835303068 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835366011 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835416079 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835520983 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835760117 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835802078 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835895061 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835915089 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835978985 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.835993052 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836066008 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836090088 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836189985 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836255074 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836508036 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836533070 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836663961 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836678982 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836743116 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836802959 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836975098 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.836999893 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837327957 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837413073 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837523937 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837564945 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837645054 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837677002 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837738037 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837795019 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837893963 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.837914944 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838028908 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838042021 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838268995 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838315010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838397980 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838440895 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838491917 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838545084 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838654995 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838666916 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838680029 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838762999 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838836908 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.838912010 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.839052916 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.839179039 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.839222908 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840079069 CET497091912192.168.2.1187.120.120.86
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840296030 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840310097 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840384960 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840411901 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840517998 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840529919 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840605021 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840616941 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840821028 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.840835094 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841046095 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841114044 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841264963 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841303110 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841430902 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841459990 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841577053 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841587067 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841743946 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.841777086 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842014074 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842027903 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842128038 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842261076 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842452049 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842612028 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842755079 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842775106 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842849970 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842925072 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842977047 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.842993021 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843116999 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843130112 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843238115 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843276024 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843358994 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.843368053 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.960439920 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.960614920 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.960656881 CET19124970987.120.120.86192.168.2.11
                                                                                                                                                                                                                                Dec 16, 2024 14:08:19.960670948 CET19124970987.120.120.86192.168.2.11


                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:08:08:02
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                                                                                                                                                                                                                                Imagebase:0x610000
                                                                                                                                                                                                                                File size:901'120 bytes
                                                                                                                                                                                                                                MD5 hash:1EDABA9F8D91AD001893722FE5C3EC3B
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1320945991.0000000003B69000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.1320945991.0000000004783000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                                Start time:08:08:03
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                                                                                                                                                                                                                                Imagebase:0x50000
                                                                                                                                                                                                                                File size:901'120 bytes
                                                                                                                                                                                                                                MD5 hash:1EDABA9F8D91AD001893722FE5C3EC3B
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                Start time:08:08:03
                                                                                                                                                                                                                                Start date:16/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\#U0417#U0430#U043f#U0440#U043e#U0441 11.12.2024.exe"
                                                                                                                                                                                                                                Imagebase:0xcf0000
                                                                                                                                                                                                                                File size:901'120 bytes
                                                                                                                                                                                                                                MD5 hash:1EDABA9F8D91AD001893722FE5C3EC3B
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1470193472.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000004.00000002.1476017854.00000000031A6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1476017854.00000000032A0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true


                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:10%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:3.7%
                                                                                                                                                                                                                                  Total number of Nodes:246
                                                                                                                                                                                                                                  Total number of Limit Nodes:19

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Hcq$Hcq$Hcq$Hcq$Hcq
                                                                                                                                                                                                                                  • API String ID: 0-1692708840
                                                                                                                                                                                                                                  • Opcode ID: ed5ad273c1be48d25bc0835f680c27edddb7a5b1d13842ace47be618dd1d666f
                                                                                                                                                                                                                                  • Instruction ID: e838cc508e9aa95733a938e522a8556413cd001c090b26634b4155d7a2ddc14e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed5ad273c1be48d25bc0835f680c27edddb7a5b1d13842ace47be618dd1d666f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4328F30E00298CFDB54DF68C8557AEBBB6BF84304F1485AAD00AAB395DB349D45CFA1

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Te_q$Te_q$z^I
                                                                                                                                                                                                                                  • API String ID: 0-645441871
                                                                                                                                                                                                                                  • Opcode ID: e889d929330b72ca0922e4d4770230375e3ba9d924abf4873b4ed1f67a367d48
                                                                                                                                                                                                                                  • Instruction ID: 2eafd305187987867f18e277f3a441be91469252bbef077c4808e2e581dac826
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e889d929330b72ca0922e4d4770230375e3ba9d924abf4873b4ed1f67a367d48
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2CA10770E002198FDB48CFAAC9846DEFBF2EF89310F24D52AE455AB254D7349945CF68

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Te_q$Te_q$z^I
                                                                                                                                                                                                                                  • API String ID: 0-645441871
                                                                                                                                                                                                                                  • Opcode ID: 7b8b957ab851a05447940567353ccbd3d8c4f36f593b8e9bf627d444494e149f
                                                                                                                                                                                                                                  • Instruction ID: dc85518c9c3b24314adc7d216072e0a2f704a6933a4923362b7ec4efb341ac9d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b8b957ab851a05447940567353ccbd3d8c4f36f593b8e9bf627d444494e149f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E91D374E142198FDB48CFAAC9846DEFBF2EF89300F24D52AE415AB264D7349905CF64

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: Te_q$Te_q$z^I
                                                                                                                                                                                                                                  • API String ID: 0-645441871
                                                                                                                                                                                                                                  • Opcode ID: 25faaf322ddfc8584381120e2cdd85bdac4bc4516b394ee355e3ab806cd0ffb9
                                                                                                                                                                                                                                  • Instruction ID: 577fd57c5a6958719eb7c9557f3b48e64ca0704f48a9b11373299da375f8ff32
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25faaf322ddfc8584381120e2cdd85bdac4bc4516b394ee355e3ab806cd0ffb9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C91B2B4E002198FDB48CFAAC5856DEFBF2EF89300F24D42AE515AB264D73499058F58

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ry$ry
                                                                                                                                                                                                                                  • API String ID: 0-883804406
                                                                                                                                                                                                                                  • Opcode ID: 44c7043820ba15650423507bc942568fbb1c9da1e881f45c39271a7dc1c53fa8
                                                                                                                                                                                                                                  • Instruction ID: a669893a91723d5d5b2d39e09030e779bccd143878c0dfcc56fb88fe9d885ea3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 44c7043820ba15650423507bc942568fbb1c9da1e881f45c39271a7dc1c53fa8
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08F1E171909246CFC754CFAAC4904AEFFF2BF8A310F24865AD095AB391D3749582CFA5

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ry$ry
                                                                                                                                                                                                                                  • API String ID: 0-883804406
                                                                                                                                                                                                                                  • Opcode ID: 84dc9dc4f879fc1c7f673ee908969a3118f954e55499f9003fff82eb1ba8c3f9
                                                                                                                                                                                                                                  • Instruction ID: 2eda7c7cf26aae92073b560be9631df1d9ea212d2d078a3f8dde7ba7ebd53b65
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 84dc9dc4f879fc1c7f673ee908969a3118f954e55499f9003fff82eb1ba8c3f9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAF1DF71905246CFD754CFAAC4904AEFFF2BF89310F24865AE095AB391D3349982CFA5

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ry$ry
                                                                                                                                                                                                                                  • API String ID: 0-883804406
                                                                                                                                                                                                                                  • Opcode ID: 2af09b06a6d49687c271f4bd06aa84f6958c0f5ebdbdf7d9cb2a64bf69568d1b
                                                                                                                                                                                                                                  • Instruction ID: 83b364169d267a8a049aa7cb5fd35658e4465997bfd0de337b823f541e641a9c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2af09b06a6d49687c271f4bd06aa84f6958c0f5ebdbdf7d9cb2a64bf69568d1b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7C128B0D1521ADFDB44CFA7C4958AEFBB2FF88300B108559E515AB314D734AA42CF99

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: TuA$UC;"
                                                                                                                                                                                                                                  • API String ID: 0-2071649361
                                                                                                                                                                                                                                  • Opcode ID: 3564ca0846a74fff7f8341de105ab3170839595e1fd9a39d3ca36a8f214361e1
                                                                                                                                                                                                                                  • Instruction ID: 2f5f3668178d0bbd37eaf7267b0033ec895e6a89a6ef26b45b5f58fb7556e937
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3564ca0846a74fff7f8341de105ab3170839595e1fd9a39d3ca36a8f214361e1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E911B71E14209DFDB48CFE6E4845AEFBB2FF85310F10942AE416A7264D734A942CF48

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: TuA$UC;"
                                                                                                                                                                                                                                  • API String ID: 0-2071649361
                                                                                                                                                                                                                                  • Opcode ID: 1b5d56b04449480a8cd83ff1a4dae164b73ab2f8efa3622b96f3d03d6a80e7cf
                                                                                                                                                                                                                                  • Instruction ID: 66a903a3d60c7fd4510b4e86c135a19e668361519246829a994167d48bae3f8d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b5d56b04449480a8cd83ff1a4dae164b73ab2f8efa3622b96f3d03d6a80e7cf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51911B71E1520ADFDB48CFA6E4C45AEFBB2EF85310F10D42AE416A7264D734A942CF48
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 5=6
                                                                                                                                                                                                                                  • API String ID: 0-2897083178
                                                                                                                                                                                                                                  • Opcode ID: 393772f85554860e1d706532a61ef11bb5e1430f685f824f5f609a4a0fde4e70
                                                                                                                                                                                                                                  • Instruction ID: 623b8cfc23303f43047c5f5c0f7242126ff0847abbfd19af4edb911969fdcb76
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 393772f85554860e1d706532a61ef11bb5e1430f685f824f5f609a4a0fde4e70
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3713A74E0520AAFCB44DFA6D9804AEFBB2FF89341B10D52AD516E7254DB389A01CF94
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 5=6
                                                                                                                                                                                                                                  • API String ID: 0-2897083178
                                                                                                                                                                                                                                  • Opcode ID: 3313f18fc8ec465134a6ce89192c16a4712b50f2fa5632ff6aaa5f0a14660eef
                                                                                                                                                                                                                                  • Instruction ID: aa5fbe2eb2c361d869431a654b3c5cd72d2922e0a69ad7a54a9837a680f3ae0d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3313f18fc8ec465134a6ce89192c16a4712b50f2fa5632ff6aaa5f0a14660eef
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04614A74E0520AAFCB44DFA6D8804AEFBB2FF89341F10D52AD116E7254DB389A01CF94
                                                                                                                                                                                                                                  Strings

Control-flow Graph

control_flow_graph 591 d0d1c8-d0d267 GetCurrentProcess 595 d0d270-d0d2a4 GetCurrentThread 591->595 596 d0d269-d0d26f 591->596 597 d0d2a6-d0d2ac 595->597 598 d0d2ad-d0d2e1 GetCurrentProcess 595->598 596->595 597->598 600 d0d2e3-d0d2e9 598->600 601 d0d2ea-d0d305 call d0d3a8 598->601 600->601 604 d0d30b-d0d33a GetCurrentThreadId 601->604 605 d0d343-d0d3a5 604->605 606 d0d33c-d0d342 604->606 606->605

APIs
• GetCurrentProcess.KERNEL32 ref: 00D0D256
• GetCurrentThread.KERNEL32 ref: 00D0D293
• GetCurrentProcess.KERNEL32 ref: 00D0D2D0
• GetCurrentThreadId.KERNEL32 ref: 00D0D329

Memory Dump Source
• Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd

Similarity
• API ID: Current$ProcessThread
• String ID:
• API String ID: 2063062207-0

Control-flow Graph

control_flow_graph 613 d0d1d8-d0d267 GetCurrentProcess 617 d0d270-d0d2a4 GetCurrentThread 613->617 618 d0d269-d0d26f 613->618 619 d0d2a6-d0d2ac 617->619 620 d0d2ad-d0d2e1 GetCurrentProcess 617->620 618->617 619->620 622 d0d2e3-d0d2e9 620->622 623 d0d2ea-d0d305 call d0d3a8 620->623 622->623 626 d0d30b-d0d33a GetCurrentThreadId 623->626 627 d0d343-d0d3a5 626->627 628 d0d33c-d0d342 626->628 628->627

APIs
• GetCurrentProcess.KERNEL32 ref: 00D0D256
• GetCurrentThread.KERNEL32 ref: 00D0D293
• GetCurrentProcess.KERNEL32 ref: 00D0D2D0
• GetCurrentThreadId.KERNEL32 ref: 00D0D329

Memory Dump Source
• Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false

Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BB85AE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BB85AE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D0B47E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00D059A9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 00D059A9
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BB8260
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BB8180
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BB8180
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BB7FD6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D0D8AF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BB8260
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BB7FD6
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00D0D8AF
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06C6B4E3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,0556EAC2,?,?,?,?,?), ref: 0556EB67
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateFromIconResource
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3668623891-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06C6B4E3
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BB809E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BB809E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BBA7B5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00D0B47E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BBA7B5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?), ref: 0556DAB8
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CloseHandle.KERNELBASE(?), ref: 0556DAB8
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2962429428-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1316604899.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cbd000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1316604899.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cbd000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1316604899.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cbd000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1316604899.0000000000CBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CBD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cbd000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1315820040.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cad000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1315820040.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_cad000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: {#L
                                                                                                                                                                                                                                  • API String ID: 0-1361971085
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: {#L
                                                                                                                                                                                                                                  • API String ID: 0-1361971085
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 98R
                                                                                                                                                                                                                                  • API String ID: 0-576591972
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: iUfo
                                                                                                                                                                                                                                  • API String ID: 0-3820436262
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: iUfo
                                                                                                                                                                                                                                  • API String ID: 0-3820436262
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: w7e^
                                                                                                                                                                                                                                  • API String ID: 0-1657886525
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: w7e^
                                                                                                                                                                                                                                  • API String ID: 0-1657886525
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: w7e^
                                                                                                                                                                                                                                  • API String ID: 0-1657886525
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 0ni
                                                                                                                                                                                                                                  • API String ID: 0-1488673370
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6978c7f96e68ba04ee0b5ad13398e026220e1d761645924238b78f495f2c6b8f
                                                                                                                                                                                                                                  • Instruction ID: af4e3cae57de05ee9d4045860d2a0a50df9c770fc12f43236643486f4ac8a4de
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6978c7f96e68ba04ee0b5ad13398e026220e1d761645924238b78f495f2c6b8f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33E16BB0E102198FCB54CFA9C5909AEFBF2FF89304F249169D415AB356C730A942CF61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 66a07cc971d39504e1ab228a4063ed32780b3d2f82c311d8a3d512d62e5a9419
                                                                                                                                                                                                                                  • Instruction ID: e99c5b88c124f9a32c36b6ac2abcb1ee20699334b58bed457f3d90d62f95e45b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66a07cc971d39504e1ab228a4063ed32780b3d2f82c311d8a3d512d62e5a9419
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14E13AB4E101198FCB54DFA9C5909AEFBB2FF88304F2491A9D415AB356DB70A941CFA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8f080a3ed849d7ef6d008f5c731d71144f74221bb63be5582550df61279059aa
                                                                                                                                                                                                                                  • Instruction ID: 9e4a368e29f842a76df17eed233de6d8e18b35f8d47576e46a53762dc70eaaea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f080a3ed849d7ef6d008f5c731d71144f74221bb63be5582550df61279059aa
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3E14BB4E101198FCB54DFA9C5909AEFBB2FF88304F249169E414AB356DB74AD41CFA0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 609ce6df663f777d79b84198d3022e865a9fa247d44e1d4750e432f32773ca39
                                                                                                                                                                                                                                  • Instruction ID: b01374077587387e89895586e6f0a21a64958c26521d67b62b91ff05d53bfaa3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 609ce6df663f777d79b84198d3022e865a9fa247d44e1d4750e432f32773ca39
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06E15AB4E101198FCB64DFA9C5909AEFBF2FF88304F249169E415AB356C770A941CF61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323923937.0000000006BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BB0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6bb0000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 7946b41face58879e9d082217b03ff5f0c0ef053d271c70a24b4f8631f91a00d
                                                                                                                                                                                                                                  • Instruction ID: 0380f6ad3da38db1015fd8f68af201196367f08f395c66ae11683208e0dcc521
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7946b41face58879e9d082217b03ff5f0c0ef053d271c70a24b4f8631f91a00d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93E15AB4E101198FCB54DFA9C5909AEFBF2FF88304F249169D415AB356CB70A941CFA1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: f94a31f89170f18ca65b81df7f55c0447b4847dc297f54e6cbd6418ce2e12a10
                                                                                                                                                                                                                                  • Instruction ID: 1644b4e42711274c1aa7c543d9be7187d0597a00805fc08fd4bb87b17c764fb9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f94a31f89170f18ca65b81df7f55c0447b4847dc297f54e6cbd6418ce2e12a10
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83D1F53191079A8ACB00EB64DAA069DB771FFD5300F20879AE50A77665FF706AC5CB81
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1318640846.0000000000D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D00000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_d00000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a1bf7495a7a5090557a7ac5d42f36a9b7860aa7445fcc1dd90b1d0885f126b04
                                                                                                                                                                                                                                  • Instruction ID: a8227acfc65a92f0c5bc5450122ffb5f4b5d8be9fcf620e3541d6b7940bd84f2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1bf7495a7a5090557a7ac5d42f36a9b7860aa7445fcc1dd90b1d0885f126b04
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1A18136E002059FCF15DFB5C84069EB7B2FFC4310B25857AE80AAB2A5DB71E945CB60
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1323727612.0000000005560000.00000040.00000800.00020000.00000000.sdmp, Offset: 05560000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5560000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e78b3bc1ec07a11fc6c6e879f19888379d0de7caed270708730150da9545d0a0
                                                                                                                                                                                                                                  • Instruction ID: 39ade13ae1d7f014bb8191eb51e26c7cf752ea73d7c4fd273400e9ec25c7463e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e78b3bc1ec07a11fc6c6e879f19888379d0de7caed270708730150da9545d0a0
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 85D1F53191079A8ACB00EB64DA6069DB771FFD5300F20879AE50A77665FF706AC5CB81
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ff3e731150d16741251c6bc63549d78c45eafbc2dae454ebc2d2d424095d4824
                                                                                                                                                                                                                                  • Instruction ID: 26314a64eb62cded2ff84465bd3b9d60d1664b33865fb919a0535fbb5d0ff79d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3e731150d16741251c6bc63549d78c45eafbc2dae454ebc2d2d424095d4824
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F41D4B0D0520ADFDB44CFAAD4805AEFBF2BB88200F14C46AD515B7254D3349A41CFA4
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.1324037378.0000000006C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C60000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_6c60000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0ddef8c2f9207127810a2a9baba7fdaa9c3abb975c137c3cddbe8de1a589bd2d
                                                                                                                                                                                                                                  • Instruction ID: 2770ac9e0c27e945f7a5af07a9c21493beff2172b2bce04e60c29ad3717fbb45
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ddef8c2f9207127810a2a9baba7fdaa9c3abb975c137c3cddbe8de1a589bd2d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B221F971E016189BEB58CFAB9C4069EFBF3AFC9200F18C17AD918A6264EB3406558F55

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:11.9%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                                  Total number of Nodes:177
                                                                                                                                                                                                                                  Total number of Limit Nodes:12
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1494232173.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_8190000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $_q
                                                                                                                                                                                                                                  • API String ID: 0-238743419
                                                                                                                                                                                                                                  • Opcode ID: f11fbe1b754cfb8f93a8fe6f064868a1887c03bd29cd3c04e65fd5d0d77af59e
                                                                                                                                                                                                                                  • Instruction ID: 94e6c5030f6b80bff58a7b0d984b37fb7acedbea35fd44ee9a6a3320053a992d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f11fbe1b754cfb8f93a8fe6f064868a1887c03bd29cd3c04e65fd5d0d77af59e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D71B374E01218DFDF18DFA5D880AADBBB2BF89301F208469D429BB354DB359986CF50

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02F2B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  • Opcode ID: 301360cb6eeb7c3274745d3328210db960c5e3f628bc2efebb2f78caaf0200b3
                                                                                                                                                                                                                                  • Instruction ID: 5f6f39073e281fef724d6440c5e92a71f70ca9bd43c210e22a4cd8453876fd87
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 301360cb6eeb7c3274745d3328210db960c5e3f628bc2efebb2f78caaf0200b3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 907157B0A00B158FD724DF2AD54075ABBF1FF89344F00892DE58ADBA50D739E849CB91

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05651E02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1486208326.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_5650000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                                                                                                                  • Opcode ID: 1c8b2c68d74af9cf00db1a39eda09a4d1a0b1d2a7a9aff7fb43435cd25d736a4
                                                                                                                                                                                                                                  • Instruction ID: b0d00b21559e703f77069b60ab8b6cb54caa169e8d7a42b02505899ae2605149
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c8b2c68d74af9cf00db1a39eda09a4d1a0b1d2a7a9aff7fb43435cd25d736a4
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A51B0B1D00309AFDB14CF99C884ADEBBB5FF49314F64822AE819AB210D7759945CF90

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05651E02
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1486208326.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_5650000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 716092398-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 05654381
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1486208326.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_5650000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2714655100-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02F259F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 02F259F1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2289755597-0

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02F2D2C6,?,?,?,?,?), ref: 02F2D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02F2D2C6,?,?,?,?,?), ref: 02F2D387
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 056572DC
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1486208326.0000000005650000.00000040.00000800.00020000.00000000.sdmp, Offset: 05650000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_5650000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 08196B55
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1494232173.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_8190000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 08196B55
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1494232173.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_8190000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 02F2B086
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1475348758.0000000002F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F20000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_2f20000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471788624.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_159d000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 32f021acafcf28cfe56e6037a9b74c4cacec72eaf22dbbcbdc7d538bf7287184
                                                                                                                                                                                                                                  • Instruction ID: c7cc562390d282fbb23850a255b08c65f2f82644c5828a66d637812107b82b09
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32f021acafcf28cfe56e6037a9b74c4cacec72eaf22dbbcbdc7d538bf7287184
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9021F476504240DFCF05DF98D9C0B2ABFB5FB88314F248669E9490F256C33AD416CBA2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471895605.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_15ad000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ff25a36a309d6edbb8c9f0ea81bdd0dd78b18c36ed861c8af5d551c282723a07
                                                                                                                                                                                                                                  • Instruction ID: 9edc9a592279d1340c5671f5a6c59beb7408902d299b70e26249fe1d3ef54c0c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff25a36a309d6edbb8c9f0ea81bdd0dd78b18c36ed861c8af5d551c282723a07
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33214271284200DFCB11EF68D980B2ABFB1FB88314F60C96DE80A0F656D33AD407CA61
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471895605.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_15ad000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 88a53442e809473c3a2fe73736c70574638b1fda37130b7e119ce49cef8fbbff
                                                                                                                                                                                                                                  • Instruction ID: f104dd22e3fc93bcf5311351c30e2577c79d1eea0ae4c6820c4b3571fceb3a57
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88a53442e809473c3a2fe73736c70574638b1fda37130b7e119ce49cef8fbbff
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA21CF355483808FCB03CF24C990719BF71FB46214F29C1EAD8498F6A3C33A980ACB62
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471788624.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_159d000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 0ba41b1534e0b140cab357806c61da93050629d49bf63a26b6c0316e6a0221c2
                                                                                                                                                                                                                                  • Instruction ID: 35c17133fe73b04c6f6167fbeb6124f56006f3ba3f9c830388290ba8fb530ed3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ba41b1534e0b140cab357806c61da93050629d49bf63a26b6c0316e6a0221c2
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93219D76504280DFDF16CF54D9C4B1ABF72FB88314F2486A9E9490E256C33AD426CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471788624.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_159d000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: c0e98dfcbf683a49f38926b3ecb4f9581a969ddf74e7323658005a7443b84e61
                                                                                                                                                                                                                                  • Instruction ID: e799cebd88c11411f24cfdb70635979af7e8fc80c2a90730586fa2244fd55749
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0e98dfcbf683a49f38926b3ecb4f9581a969ddf74e7323658005a7443b84e61
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9601F7711083449AEB209A9ACD84B66FFE8FF41320F08C95AED095E286C3BC9840C672
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1471788624.000000000159D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0159D000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_159d000_#U0417#U0430#U043f#U0440#U043e#U0441 11.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: ca15ff1bce9a14a5c893f8a4637decb63c9a0e30b9f0050854339ddc79f2a77f
                                                                                                                                                                                                                                  • Instruction ID: 1573f0a5f7cfe2b3d796fd074b70ddbc6caaacb885897934415a2d6278013aab
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca15ff1bce9a14a5c893f8a4637decb63c9a0e30b9f0050854339ddc79f2a77f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F0C271408344AEEB208A0ACC84B66FFA8FF41224F18C45AED085E286C2B99844CA71
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.1494232173.0000000008190000.00000040.00000800.00020000.00000000.sdmp, Offset: 08190000, based on PE: false